Device Roles - Cisco Catalyst 4500 series Administration Manual

About Web-Based Authentication
These sections describe the role of web-based authentication as part of the authentication, authorization,
and accounting (AAA) system:
•
•
•
•
•
•

Device Roles

With web-based authentication, the devices in the network have specific roles
Figure 48-1
The roles are as follows:
•
•
•
Host Detection
The switch maintains an IP device tracking table to store information about detected hosts.
Note By default, the IP device tracking feature is disabled on a switch. You must enable the IP device tracking
feature to use web-based authentication.
Software Configuration Guide—Release IOS XE 3.6.0E and IOS 15.2(2)E
48-2
Device Roles, page 48-2
Host Detection, page 48-2
Session Creation, page 48-3
Authentication Process, page 48-3
Customization of the Authentication Proxy Web Pages, page 48-4
Web-Based Authentication Interactions with Other Features, page 48-4
Web-Based Authentication Device Roles
Client—The device (workstation) that requests access to the LAN and switch services and responds
to requests from the switch. The workstation must be running an HTML browser with Java Script
enabled.
Authentication server—Performs the actual authentication of the client. The authentication server
validates the identity of the client and notifies the switch that the client is authorized to access the
LAN and switch services or that the client is denied.
Switch—Controls the physical access to the network based on the authentication status of the client.
The switch acts as an intermediary (proxy) between the client and the authentication server,
requesting identity information from the client, verifying that information with the authentication
server, and relaying a response to the client.
Chapter 48 Configuring Web-Based Authentication
(Figure 48-1).
OL-27597-01