Configuring Web-Based Authentication; Understanding Web-Based Authentication - Cisco Catalyst 2928 Software Configuration Manual

Configuring Web-Based Authentication

This chapter describes how to configure web-based authentication. It contains these sections:
•
•
•
For complete syntax and usage information for the switch commands used in this chapter, refer to the
Note
command reference for this release.

Understanding Web-Based Authentication

Use the web-based authentication feature, known as web authentication proxy, to authenticate end users
on host systems that do not run the IEEE 802.1x supplicant.
You can configure web-based authentication on Layer 2 and Layer 3 interfaces.
Note
When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the
host and sends an HTML login page to the users. The users enter their credentials, which the web-based
authentication feature sends to the authentication, authorization, and accounting (AAA) server for
authentication.
If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host
and applies the access policies returned by the AAA server.
If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user,
prompting the user to retry the login. If the user exceeds the maximum number of attempts, web-based
authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list
for a waiting period.
These sections describe the role of web-based authentication as part of AAA:
•
•
•
•
OL-23389-01
Understanding Web-Based Authentication, page 10-1
Configuring Web-Based Authentication, page 10-9
Displaying Web-Based Authentication Status, page 10-17
Device Roles, page 10-2
Host Detection, page 10-2
Session Creation, page 10-3
Authentication Process, page 10-3
C H A P T E R
Catalyst 2928 Switch Software Configuration Guide
10
10-1