Name: Cisco Catalyst 4500 Series
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

52-7

Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex

Chapter 52 Configuring Web-Based Authentication

Configuring Web-Based Authentication

proxyacl# 40=permit udp any any eq tftp

Note The proxyacl entry determines the type of allowed network access.

• Web-based authentication is an ingress-only feature.

• You can configure web-based authentication only on access ports. Web-based authentication is not

supported on trunk ports, EtherChannel member ports, or dynamic trunk ports.

• You must configure the default ACL on the interface before configuring web-based authentication.

Configure a port ACL for a Layer 2 interface, or a Cisco IOS ACL for a Layer 3 interface.

• On Layer 2 interfaces, you cannot authenticate hosts with static ARP cache assignment. These hosts

are not detected by the web-based authentication feature, because they do not send ARP messages.

• By default, the IP device tracking feature is disabled on a switch. You must enable the IP device

tracking feature to use web-based authentication.

• You must configure at least one IP address to run the HTTP server on the switch. You must also

configure routes to reach each host IP address. The HTTP server sends the HTTP login page to the

host.

• Hosts that are more than one hop away may experience traffic disruption if an STP topology change

results in the host traffic arriving on a different port. it is because ARP and DHCP updates may not

be sent after a Layer 2 (STP) topology change.

• Web-based authentication does not support VLAN assignment as a downloadable host policy.

• Cisco IOS Release 12.2(50)SG supports downloadable ACLs (DACLs) from the RADIUS server.

• Web-based authentication is not supported for IPv6 traffic.

Web-Based Authentication Configuration Task List

To configure the web-based authentication feature, perform the following tasks:

• Configuring the Authentication Rule and Interfaces, page 52-7

• Configuring AAA Authentication, page 52-9

• Configuring Switch-to-RADIUS-Server Communication, page 52-9

• Configuring the HTTP Server, page 52-11

• Configuring the Web-Based Authentication Parameters, page 52-13

• Removing Web-Based Authentication Cache Entries, page 52-14

Configuring the Authentication Rule and Interfaces

To configure web-based authentication, perform this task:

Command Purpose

Step 1

Switch(config)# ip admission name name proxy http

Configures an authentication rule for web-based

authorization.

Switch(config)# no ip admission name name

Removes the authentication rule.

Other manuals for Cisco Catalyst 4500 Series

Manual19 pages

Command Reference Guide1230 pages

System Message Guide150 pages

Configuration Guide1610 pages

Administration Guide1814 pages

Message Guide146 pages

Installation Guide194 pages

Datasheet11 pages

Overview46 pages

Quick Reference Guide59 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco Catalyst 4500 Series and is the answer not in the manual?

Cisco Catalyst 4500 Series Specifications

General

Series	Catalyst 4500 Series
Category	Switch
Layer Support	Layer 2, Layer 3
Form Factor	Modular chassis
Stackable	No
Chassis Slots	3, 6, 7, 10
Power Supply Options	AC, DC
Redundancy	Power supply, Supervisor engine
Network Management	Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features	Security, QoS
Port Density	Up to 384 ports per chassis
Security Features	802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine	8-E