6-4
Cisco TrustSec Configuration Guide
OL-22192-01
Chapter 6 Configuring Endpoint Admission Control
Web Authentication Proxy Configuration
Web Authentication Proxy (WebAuth) allows users to transmit their login credentials from a web
browser to the Cisco Secure ACS through a Cisco IOS web server on the access device. WebAuth can
be enabled independently. It does not require 802.1X or MAB to be configured.
The following example is a basic WebAuth configuration on a Gigabit Ethernet port:
switch(config)# ip http server
switch(config)# ip access-list extended POLICY
switch(config-ext-nacl)# permit udp any any eq bootps
switch(config-ext-nacl)# permit udp any any eq domain
switch(config)# ip admission name HTTP proxy http
switch(config)# fallback profile FALLBACK_PROFILE
switch(config-fallback-profile)# ip access-group POLICY in
switch(config-fallback-profile)# ip admission HTTP
switch(config)# interface GigabitEthernet2/1
switch(config-if)# authentication port-control auto
switch(config-if)# authentication fallback FALLBACK_PROFILE
switch(config-if)# ip access-group POLICY in
For additional information on configuring web-based authentication, see the configuration guide for
your access switch.
For additional information on the ip http server command, see the Cisco IOS Network Management
Command Reference entry at the following URL:
http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_08.html#wp1022387
Verifying Web Authentication Proxy Configuration
To verify the Web Authentication Proxy configuration, access the interface IP address with a web
browser. If configured correctly, the access device generates a challenge and accepts valid login
information.
To verify the Web Authentication Proxy configuration with the CLI, use the show authentication
interface command.
switch# show authentication interface gigabitEthernet 2/1
Client list:
Interface  MAC Address     Domain  Status         Session ID
Gi2/1      000c.293a.048e  DATA    Authz Success  AC1AD01F0000000904BBECD8
Available methods list:
Handle  Priority  Name
1       2         webauth
Runnable methods list:
Handle  Priority  Name
1       0         webauth
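The CLI check above can be scripted for use across many ports. The following Python code is an added example, not part of the Cisco guide: it parses show authentication interface output and reports a finding when webauth is missing from the runnable methods list or a client is in any state other than Authz Success. The function names parse_auth_interface and webauth_findings are hypothetical, and the sample text is the output shown on this page.

```python
import re

# Sample output copied from the show authentication interface example on this page.
SAMPLE = """\
Client list:
Interface MAC Address Domain Status Session ID
Gi2/1 000c.293a.048e DATA Authz Success AC1AD01F0000000904BBECD8
Available methods list:
Handle Priority Name
1 2 webauth
Runnable methods list:
Handle Priority Name
1 0 webauth
"""

CLIENT_RE = re.compile(
    r"^(?P<interface>\S+)\s+(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<domain>\S+)\s+(?P<status>.+?)\s+(?P<session_id>[0-9A-F]+)$", re.I)
METHOD_RE = re.compile(r"^(?P<handle>\d+)\s+(?P<priority>\d+)\s+(?P<name>\S+)$")
SECTIONS = {"Client list:": "clients", "Available methods list:": "available",
            "Runnable methods list:": "runnable"}

def parse_auth_interface(text):
    """Split the output into its three sections and parse each data row."""
    result = {"clients": [], "available": [], "runnable": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line in SECTIONS:
            section = SECTIONS[line]
        elif section:
            regex = CLIENT_RE if section == "clients" else METHOD_RE
            m = regex.match(line)
            if m:  # column-header rows and blank lines do not match and are skipped
                result[section].append(m.groupdict())
    return result

def webauth_findings(parsed):
    """Return a list of problems; an empty list means the port matches the guide's output."""
    findings = []
    if "webauth" not in {m["name"] for m in parsed["runnable"]}:
        findings.append("webauth is not in the runnable methods list")
    for c in parsed["clients"]:
        if c["status"] != "Authz Success":
            findings.append(f"{c['interface']} {c['mac']}: status is {c['status']}")
    return findings

if __name__ == "__main__":
    print(webauth_findings(parse_auth_interface(SAMPLE)) or "OK")
```

The parser splits on whitespace runs, so it accepts the output with either single-space or column-aligned formatting.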