242
Configuring Web-Based Authentication
Information About Configuring Web-Based Authentication
When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the host and sends
an HTML login page to the users. The users enter their credentials, which the web-based authentication feature sends
to the authentication, authorization, and accounting (AAA) server for authentication.
If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host and applies the
access policies returned by the AAA server.
If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user, prompting the user to
retry the login. If the user exceeds the maximum number of attempts, web-based authentication forwards a
Login-Expired HTML page to the host, and the user is placed on a watch list for a waiting period.
These sections describe the role of web-based authentication as part of AAA:
Device Roles, page 242
Host Detection, page 242
Session Creation, page 243
Authentication Process, page 243
Web Authentication Customizable Web Pages, page 246
Web-Based Authentication Interactions with Other Features, page 247
Device Roles
With web-based authentication, the devices in the network have these specific roles:
Client—The device (workstation) that requests access to the LAN and the services and responds to requests from
the switch. The workstation must be running an HTML browser with Java Script enabled.
Authentication server—Authenticates the client. The authentication server validates the identity of the client and
notifies the switch that the client is authorized to access the LAN and the switch services or that the client is denied.
Switch—Controls the physical access to the network based on the authentication status of the client. The switch acts
as an intermediary (proxy) between the client and the authentication server, requesting identity information from the
client, verifying that information with the authentication server, and relaying a response to the client.
Figure 24 Web-Based Authentication Device Roles
Host Detection
The switch maintains an IP device tracking table to store information about detected hosts.
Note: By default, the IP device tracking feature is disabled on a switch. You must enable the IP device tracking feature
to use web-based authentication.
To Next Page
Loading...
Need help?
General