Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 52: Configuring Web-Based Authentication
This chapter describes how to configure web-based authentication. It consists of these sections:
• About Web-Based Authentication
• Configuring Web-Based Authentication
• Displaying Web-Based Authentication Status
Note: For complete syntax and usage information for the switch commands used in this chapter, see the
Cisco IOS Command Reference Guides for the Catalyst 4500 Series Switch.
If a command is not in the Cisco Catalyst 4500 Series Switch Command Reference, you can locate it in
the Cisco IOS Master Command List, All Releases.
About Web-Based Authentication
The web-based authentication feature, known as Web Authentication Proxy, enables you to authenticate
end users on host systems that do not run the IEEE 802.1X supplicant.
Note: You can configure web-based authentication on Layer 2 and Layer 3 interfaces.
When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the
host and sends an HTML login page to the user. The user keys in their credentials, which the web-based
authentication feature sends to the AAA server for authentication:
• If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the
host and applies the access policies returned by the AAA server.
• If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user,
prompting the user to retry the login. If the user exceeds the maximum number of attempts,
web-based authentication forwards a Login-Expired HTML page to the host and the user is placed
on a watch-list for a waiting period.
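The login flow described above, modeled as a small state machine. This is an added example, not Cisco code and not part of the original guide; the attempt limit, the waiting period, the return strings, the rule that the failure using up the last allowed attempt triggers Login-Expired, and the refusal of a watch-listed host until the waiting period ends are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict

# Assumed values for illustration; the page does not state the switch defaults.
MAX_LOGIN_ATTEMPTS = 3
WATCH_LIST_SECONDS = 60.0


@dataclass
class WebAuthProxy:
    """Tracks failed logins per host and returns the page that host would receive."""
    aaa_check: Callable[[str, str], bool]            # stand-in for the AAA server
    failures: Dict[str, int] = field(default_factory=dict)
    watch_list: Dict[str, float] = field(default_factory=dict)  # host -> release time

    def on_http(self, host: str, now: float) -> str:
        """Ingress HTTP from an unauthenticated host is intercepted."""
        # Assumption: a watch-listed host gets no login page until it is released.
        return "blocked" if self._watched(host, now) else "login"

    def on_credentials(self, host: str, user: str, password: str, now: float) -> str:
        """Credentials from the login page are checked against AAA."""
        if self._watched(host, now):
            return "blocked"
        if self.aaa_check(user, password):
            self.failures.pop(host, None)             # success clears the failure count
            return "login-successful"                 # AAA access policies apply here
        count = self.failures.get(host, 0) + 1
        if count >= MAX_LOGIN_ATTEMPTS:               # last allowed attempt used up
            self.failures.pop(host, None)
            self.watch_list[host] = now + WATCH_LIST_SECONDS
            return "login-expired"
        self.failures[host] = count
        return "login-fail"                           # user is prompted to retry

    def _watched(self, host: str, now: float) -> bool:
        """True while the host is inside its waiting period; expires stale entries."""
        release = self.watch_list.get(host)
        if release is None:
            return False
        if now >= release:
            del self.watch_list[host]                 # waiting period is over
            return False
        return True
```

Passing the clock in as `now` keeps the waiting period testable: correct credentials are still refused while the host is on the watch-list, and a second host is unaffected by the first host's failures.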
These sections describe the role of web-based authentication as part of the authentication, authorization,
and accounting (AAA) system:
• Device Roles
• Host Detection
• Session Creation