Configuring Web-Based Authentication - Cisco Catalyst 4500 Series Configuration Manual

Release IOS XE 3.3.0SG and IOS 15.1(1)SG

Chapter 46
Configuring Web-Based Authentication
Software Configuration Guide—Release IOS XE 3.3.0SG and IOS 15.1(1)SG (OL-25340-01)

These sections describe how to configure web-based authentication:
- Default Web-Based Authentication Configuration
- Web-Based Authentication Configuration Guidelines and Restrictions
- Web-Based Authentication Configuration Task List
- Configuring the Authentication Rule and Interfaces
- Configuring AAA Authentication
- Configuring Switch-to-RADIUS-Server Communication
- Configuring the HTTP Server
- Configuring the Web-Based Authentication Parameters
- Removing Web-Based Authentication Cache Entries

Default Web-Based Authentication Configuration
Table 46-1 shows the default web-based authentication configuration.

Table 46-1  Default Web-based Authentication Configuration

Feature                               Default Setting
AAA                                   Disabled
RADIUS server
  IP address                          None specified
  UDP authentication port             1812
  Key                                 None specified
Default value of inactivity timeout   3600 seconds
Inactivity timeout                    Enabled

Web-Based Authentication Configuration Guidelines and Restrictions
When configuring web-based authentication, consider these guidelines and restrictions:
- Web authentication requires two Cisco Attribute-Value (AV) pair attributes:
  - The first attribute, priv-lvl=15, must always be set to 15. This sets the privilege level of the user who is logging into the switch.
  - The second attribute is an access list to be applied for web-authenticated hosts. The syntax is similar to 802.1x per-user access control lists (ACLs). However, instead of ip:inacl, this attribute must begin with proxyacl, and the source field in each entry must be any. (After authentication, the client IP address replaces the any field when the ACL is applied.)
  For example:
  proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0
  proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0
  proxyacl# 30=permit udp any any eq syslog
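The AV pair requirements described above can be checked before a user profile is loaded onto the RADIUS server. The following Python is an added example, not part of the Cisco guide: the function names, the client address 192.0.2.25, the BAD profile, and the `host <ip>` rendering of the substituted source field are assumptions made for illustration.

```python
import re

# proxyacl#<seq>=<action> <protocol> <source> <rest>; the page's samples
# carry a space after '#', so optional whitespace is accepted there.
ENTRY = re.compile(r"^proxyacl#\s*(\d+)=(permit|deny)\s+(\S+)\s+(\S+)\s*(.*)$")

def check_avpairs(avpairs):
    """Return the problems found in one user's web-auth Cisco AV pairs."""
    pairs = [a.strip() for a in avpairs]
    problems = []
    if "priv-lvl=15" not in pairs:
        problems.append("priv-lvl=15 is missing")
    acl = [a for a in pairs if not a.startswith("priv-lvl")]
    if not acl:
        problems.append("no proxyacl entries")
    for a in acl:
        m = ENTRY.match(a)
        if m is None:
            problems.append(f"not a proxyacl entry: {a}")  # e.g. ip:inacl
        elif m.group(4) != "any":
            problems.append(f"source must be any: {a}")
    return problems

def applied_acl(avpairs, client_ip):
    """Entries in sequence order with the client IP replacing the 'any' source.

    The 'host <ip>' form is an illustrative rendering (assumption); the
    switch performs the real substitution after authentication.
    """
    problems = check_avpairs(avpairs)
    if problems:
        raise ValueError("; ".join(problems))
    entries = [ENTRY.match(a.strip()) for a in avpairs
               if a.strip().startswith("proxyacl")]
    entries.sort(key=lambda m: int(m.group(1)))
    return [f"{m.group(2)} {m.group(3)} host {client_ip} {m.group(5)}".strip()
            for m in entries]

# Entries from the page plus the required privilege level.
GOOD = ["priv-lvl=15",
        "proxyacl# 10=permit ip any 10.0.0.0 255.0.0.0",
        "proxyacl# 20=permit ip any 11.1.0.0 255.255.0.0",
        "proxyacl# 30=permit udp any any eq syslog"]
# Constructed bad profile: wrong level, 802.1x-style prefix, fixed source.
BAD = ["priv-lvl=1",
       "ip:inacl#10=permit ip any any",
       "proxyacl#20=permit ip host 10.1.1.1 any"]

if __name__ == "__main__":
    print("\n".join(applied_acl(GOOD, "192.0.2.25")))
    print(check_avpairs(BAD))
```

A profile that fails `check_avpairs` is rejected by `applied_acl` with a `ValueError` listing every problem, so a malformed entry cannot be previewed as if it would be applied.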
