ACLs; Context-Based Access Control; EtherChannel; How to Configure Web-Based Authentication - Cisco Catalyst 2960-XR Security Configuration Manual

Cisco IOS Release 15.0(2)EX1

How to Configure Web-Based Authentication

ACLs

If you configure a VLAN ACL or a Cisco IOS ACL on an interface, the ACL is applied to the host traffic
only after the web-based authentication host policy is applied.
For Layer 2 web-based authentication, it is more secure, though not required, to configure a port ACL (PACL)
as the default access policy for ingress traffic from hosts connected to the port. After authentication, the
web-based authentication host policy overrides the PACL. The Policy ACL is applied to the session even if
there is no ACL configured on the port.
You cannot configure a MAC ACL and web-based authentication on the same interface.
You cannot configure web-based authentication on a port whose access VLAN is configured for VACL
capture.
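
The ACL rules above can be checked against a saved running-config. The following is an added example, not part of the Cisco guide: it assumes web-based authentication is enabled on a port with "ip admission <rule>", a PACL is attached with "ip access-group <acl> in", and a MAC ACL with "mac access-group <acl> in"; the sample configuration, rule name and ACL names are constructed.

```python
import re

# Constructed sample running-config (not from the Cisco guide); the rule name
# webauth1 and the ACL names PRE-AUTH and BLOCK-HOSTS are hypothetical.
SAMPLE_CONFIG = """\
ip admission name webauth1 proxy http
!
interface GigabitEthernet1/0/1
 ip access-group PRE-AUTH in
 ip admission webauth1
!
interface GigabitEthernet1/0/2
 ip admission webauth1
!
interface GigabitEthernet1/0/3
 mac access-group BLOCK-HOSTS in
 ip admission webauth1
!
interface GigabitEthernet1/0/4
 mac access-group BLOCK-HOSTS in
"""

def interface_blocks(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other non-indented line ends the interface block
    return blocks

def audit_webauth_ports(config):
    """Return (interface, severity, message) for web-auth ports that break an ACL rule."""
    findings = []
    for name, cmds in interface_blocks(config).items():
        if not any(re.match(r"ip admission \S+", c) for c in cmds):
            continue  # web-based authentication is not enabled on this port
        if any(c.startswith("mac access-group ") for c in cmds):
            findings.append((name, "error", "MAC ACL and web-based authentication on the same interface"))
        if not any(re.match(r"ip access-group \S+ in$", c) for c in cmds):
            findings.append((name, "advisory", "no default PACL for pre-authentication ingress traffic"))
    return findings

if __name__ == "__main__":
    print(*audit_webauth_ports(SAMPLE_CONFIG), sep="\n")
```

The missing-PACL finding is reported as an advisory rather than an error because the guide describes the default PACL as more secure but not required.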

Context-Based Access Control

Web-based authentication cannot be configured on a Layer 2 port if context-based access control (CBAC) is
configured on the Layer 3 VLAN interface of the port VLAN.

EtherChannel

You can configure web-based authentication on a Layer 2 EtherChannel interface. The web-based authentication
configuration applies to all member channels.
How to Configure Web-Based Authentication

Default Web-Based Authentication Configuration

The following table shows the default web-based authentication configuration.
Table 28: Default Web-based Authentication Configuration

Feature                                Default Setting
AAA                                    Disabled
RADIUS server
  • IP address                         None specified
  • UDP authentication port            1645
  • Key                                None specified
Default value of inactivity timeout    3600 seconds
Inactivity timeout                     Enabled

Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01
