EasyManuals Logo

Cisco Catalyst 3750-X User Manual

Cisco Catalyst 3750-X
1438 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #363 background imageLoading...
Page #363 background image
12-3
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 12 Configuring Web-Based Authentication
Understanding Web-Based Authentication
Session Creation
When web-based authentication detects a new host, it creates a session as follows:
Reviews the exception list.
If the host IP is included in the exception list, the polic
y from the exception list entry is applied, and
the session is established.
Reviews for authorization bypass
If the host IP is not on the exception list, web-b
ased authentication sends a nonresponsive-host
(NRH) request to the server.
If the server response is a
ccess accepted, authorization is bypassed for this host. The session is
established.
Sets up the HTTP intercept ACL
If the server response to the NRH request is ac
cess rejected, the HTTP intercept ACL is activated,
and the session waits for HTTP traffic from the host.
Authentication Process
When you enable web-based authentication, these events occur:
The user initiates an HTTP session.
The HTTP traffic is intercepted, and authorization is initiated. The switch sends the login page to
the user. The user enters a username and password, and the switch sends the entries to the
authentication server.
If the authentication succeeds, the switch downloads and activates the user’s access policy from the
authentication server. The login success page is sent to the user.
If the authentication fails, the switch sends the login fail page. The user retries the login. If the
maximum number of attempts fails, the switch sends the login expired page, and the host is placed
in a watch list. After the watch list times out, the user can retry the authentication process.
If the authentication server does not respond to the switch, and if an AAA fail policy is configured,
the switch applies the failure access policy to the host. The login success page is sent to the user.
(See the “Local Web Authentication
Banner” section on page 12-4.)
The switch reauthenticates a client when the host does not respond to an ARP probe on a Layer 2
interface, or when the host does not send any traffic within the idle timeout on a Layer 3 interface.
The feature applies the downloaded timeout or the locally configured session timeout.
If the terminate action is RADIUS, the feature sends a nonresponsive host (NRH) request to the
server. The terminate action is included in the response from the server.
If the terminate action is default, the session is dismantled, and the applied policy is removed.

Table of Contents

Other manuals for Cisco Catalyst 3750-X

Preview: Command Reference
Command Reference1244 pages
Preview: Message Guide
Message Guide150 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 3750-X and is the answer not in the manual?

Cisco Catalyst 3750-X Specifications

General IconGeneral
Switching Capacity160 Gbps
Stacking Bandwidth64 Gbps
Max Stacking Units9
Layer SupportLayer 2 and Layer 3
Form FactorRack-mountable
DRAM256 MB
Flash Memory64 MB
ModelCisco Catalyst 3750-X Series
Ports24 or 48 10/100/1000 Ethernet ports
Uplink Interfaces4 SFP or 2 SFP+
FeaturesStackWise Plus, EnergyWise
ImageIP Base or IP Services
Operating Temperature0 to 40°C
Operating Humidity10 to 85% noncondensing

Related product manuals