C H A P T E R
10-1
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
10
Configuring Web-Based Authentication
This chapter describes how to configure web-based authentication. It contains these sections:
•
Understanding Web-Based Authentication, page 10-1
•
Configuring Web-Based Authentication, page 10-9
•
Displaying Web-Based Authentication Status, page 10-17
Note
For complete syntax and usage information for the switch commands used in this chapter, refer to the
command reference for this release.
Understanding Web-Based Authentication
Use the web-based authentication feature, known as
web authentication proxy
, to authenticate end users
on host systems that do not run the IEEE 802.1x supplicant.
Note
You can configure web-based authentication on Layer 2 and Layer 3 interfaces.
When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the
host and sends an HTML login page to the users. The users enter their credentials, which the web-based
authentication feature sends to the authentication, authorization, and accounting (AAA) server for
authentication.
If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host
and applies the access policies returned by the AAA server.
If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user,
prompting the user to retry the login. If the user exceeds the maximum number of attempts, web-based
authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list
for a waiting period.
These sections describe the role of web-based authentication as part of AAA:
•
•
•
•