Multiple Hosts Per Port; High Availability; Host State - Cisco WS-C6506 Software Manual

Understanding How Web-Based Proxy Authentication Works
Success Page
The success page is an auto-redirection page that automatically redirects the client browser to the URL
that you tried to access initially. The success page is not displayed, it is auto-redirected to the original page.
Login-Fail Page
The login-fail page, which contains information about the authentication failure, allows you to reenter
the credentials if an authentication fails. The login-fail page contains all the fields of a login page and
information about the authentication failure.
Note An authentication failure can occur if you enter the wrong username/password or if you select the "I
don't have an account" option and the switch does not have default policies configured for this option.
A default login-fail page displays if a customized login-fail page is not specified.

Multiple Hosts Per Port

Web-based proxy authentication authenticates all the hosts (IP addresses) that are seen on the port. The
maximum number of hosts supported on a port is 32.
A new web-based proxy authentication state is created for every new host that is seen on the port. If you
enable web-based proxy authentication on a port that has multiple DHCP bindings already created,
web-based proxy authentication is initialized for all IP addresses.

High Availability

Web-based proxy authentication supports high availability. Only the information from the authenticated
hosts is synchronized to the standby supervisor engine. All authenticated hosts remain authenticated
upon a switchover. The notification from unauthenticated or authentication in-progress hosts is not
synchronized. Web-based proxy authentication initializes these hosts upon a switchover and
authentication restarts.
For example, if you entered the credentials and submitted a login page, and the switch sent the
credentials to RADIUS and was waiting for a response, if the switchover occurs, the credentials that you
entered are lost and the login page is resent to the host when you try to access any URL. You must reenter
the credentials.

Host State

The host state determines if the host is granted access to the network. The host states are as follows:
•
•
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
42-6
Initialize—Occurs when the IP address of the host is registered with URL redirection for redirecting
any HTTP packet from this host to the supervisor engine. After receiving the first HTTP-intercepted
packet, the host state changes to the connecting state.
Connecting—Occurs when the login page displays to the client and waits for a response from the
client. When the host receives the HTTP POST response, the host state changes to the authenticating
state.
Chapter 42 Configuring Web-Based Proxy Authentication
OL-8978-04