When To Use The Authentication Proxy - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Authentication Proxy Action with Client
Authenticating the user at the client
When to Use the Authentication Proxy
The following are some situations in which you can use the authentication proxy:
• You want to manage access privileges on an individual (per-user) basis using the services provided by
the authentication servers instead of configuring access control based on host IP address or global access
policies. Authenticating and authorizing users from any host IP address also allows network administrators
to configure host IP addresses using DHCP.
• You want to authenticate and authorize local users before permitting access to intranet or Internet services.
• You want to authenticate and authorize remote users before permitting access to local services.
• You want to control access for specific extranet users. For example, you might want to authenticate and
authorize the financial officer of a corporate partner with one set of access privileges while authorizing
the technology officer for that same partner to use another set of access privileges.
• You want to use the authentication proxy in conjunction with VPN client software to validate users and
to assign specific access privileges.
• You want to use the authentication proxy in conjunction with AAA accounting to generate "start" and
"stop" accounting records that can be used for billing, security, or resource allocation purposes, thereby
allowing users to track traffic from the authenticated hosts.
Applying Authentication Proxy
Apply the authentication proxy in the inbound direction at any interface on the router where you want per-user
authentication and authorization. Applying the authentication proxy inbound at an interface causes it to
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
Information About Web-Based Authentication
Description
Following the login attempt, the authentication proxy
action can vary depending on whether JavaScript is
enabled in the browser. If JavaScript is enabled, and
authentication is successful, the authentication proxy
displays a message indicating the status of the
authentication as shown in the Authentication Proxy
Login Status Message figure, in the How the
Authentication Proxy Works module. After the
authentication status is displayed, the proxy
automatically completes the HTTP connection.
If JavaScript is disabled, and authentication is
successful, the authentication proxy generates a popup
window with additional instructions for completing
the connection. See the Authentication Proxy Login
Status Message with JavaScript Disabled figure, in
the Secure Authentication module.
If authentication is unsuccessful in any case, the user
must log in again from the login page.
1419
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
