Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
OL-27597-01
Chapter 48: Configuring Web-Based Authentication
This chapter describes how to configure web-based authentication. It consists of these sections:
• About Web-Based Authentication
• Configuring Web-Based Authentication
• Displaying Web-Based Authentication Status
Note: For complete syntax and usage information for the switch commands used in this chapter, first look at
the Cisco Catalyst 4500 Series Switch Command Reference and related publications at this location:
http://www.cisco.com/en/US/products/hw/switches/ps4324/index.html
If the command is not found in the Catalyst 4500 Series Switch Command Reference, it will be found in
the larger Cisco IOS library. Refer to the Cisco IOS Command Reference and related publications at this
location:
http://www.cisco.com/en/US/products/ps6350/index.html
About Web-Based Authentication
The web-based authentication feature, known as Web Authentication Proxy, enables you to authenticate
end users on host systems that do not run the IEEE 802.1X supplicant.
Note: You can configure web-based authentication on Layer 2 and Layer 3 interfaces.
When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the
host and sends an HTML login page to the user. The user keys in their credentials, which the web-based
authentication feature sends to the AAA server for authentication:
• If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the
host and applies the access policies returned by the AAA server.
• If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user,
prompting the user to retry the login. If the user exceeds the maximum number of attempts,
web-based authentication forwards a Login-Expired HTML page to the host and the user is placed
on a watch list for a waiting period.
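The login outcomes described above can be modeled per host as a small state machine. This is an added example, not Cisco code: the attempt limit, the waiting period, the sample credentials, the policy name and the rule that a watch-listed host is refused until the period ends are all assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed values, not switch defaults: the text above names neither.
MAX_ATTEMPTS = 3       # hypothetical maximum number of login attempts
WATCH_PERIOD = 120.0   # hypothetical waiting period, in seconds


@dataclass
class WebAuthModel:
    """Toy per-host model; aaa_check stands in for the AAA server."""
    aaa_check: Callable[[str, str], Optional[str]]
    failures: dict = field(default_factory=dict)    # host -> failed attempts
    watch_list: dict = field(default_factory=dict)  # host -> expiry time
    policies: dict = field(default_factory=dict)    # host -> policy from AAA

    def login(self, host, user, password, now=None):
        now = time.monotonic() if now is None else now
        # Assumption: a host on the watch list is refused until the period ends.
        expiry = self.watch_list.get(host)
        if expiry is not None:
            if now < expiry:
                return "Login-Expired"
            del self.watch_list[host]
        policy = self.aaa_check(user, password)
        if policy is not None:
            self.failures.pop(host, None)
            self.policies[host] = policy  # apply the access policy AAA returned
            return "Login-Successful"
        self.failures[host] = self.failures.get(host, 0) + 1
        if self.failures[host] > MAX_ATTEMPTS:  # user "exceeds the maximum"
            self.failures.pop(host)
            self.watch_list[host] = now + WATCH_PERIOD
            return "Login-Expired"
        return "Login-Fail"


def sample_aaa(user, password):
    # Constructed credential store: returns a policy name, or None on failure.
    return "guest-acl" if (user, password) == ("alice", "s3cret") else None


def demo():
    m = WebAuthModel(sample_aaa)
    pages = [m.login("10.0.0.5", "alice", "bad", now=t) for t in range(4)]
    pages.append(m.login("10.0.0.5", "alice", "s3cret", now=10))   # on watch list
    pages.append(m.login("10.0.0.5", "alice", "s3cret", now=200))  # period over
    return pages, m.policies
```

In this model even correct credentials are refused while the host is on the watch list, which is the property that limits password guessing from a single host.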