Configuring Web-Based Authentication
•
•
•
•
Web-Based Authentication Configuration Task List
•
•
•
•
•
•
•
Configuring the Authentication Rule and Interfaces
Command
Step 1
ip admission name name proxy http
Step 2
interface type slot/port
Step 3
ip access-group name
Step 4
ip admission name
Step 5
exit
Step 6
ip device tracking
Step 7
end
Step 8
show ip admission configuration
Step 9
copy running-config startup-config
This example shows how to enable web-based authentication on Fast Ethernet port 5/1:
Switch(config)# ip admission name webauth1 proxy http
Switch(config)# interface fastethernet 5/1
Switch(config-if)# ip admission webauth1
Switch(config-if)# exit
Switch(config)# ip device tracking
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
11-10
Hosts that are more than one hop away might experience traffic disruption if an STP topology
change results in the host traffic arriving on a different port. This occurs because the ARP and DHCP
updates might not be sent after a Layer 2 (STP) topology change.
Web-based authentication does not support VLAN assignment as a downloadable-host policy.
Web-based authentication is not supported for IPv6 traffic.
Web-based authentication and Network Edge Access Topology (NEAT) are mutually exclusive. You
cannot use web-based authentication when NEAT is enabled on an interface, and you cannot use
NEAT when web-based authentication is running on an interface.
Configuring the Authentication Rule and Interfaces, page 11-10
Configuring AAA Authentication, page 11-11
Configuring Switch-to-RADIUS-Server Communication, page 11-11
Configuring the HTTP Server, page 11-13
Configuring the Web-Based Authentication Parameters, page 11-15
Configuring the Web-Based Authentication Parameters, page 11-15
Removing Web-Based Authentication Cache Entries, page 11-16
Purpose
Configure an authentication rule for web-based authorization.
Enter interface configuration mode and specifies the ingress Layer 2 or
Layer 3 interface to be enabled for web-based authentication.
type can be fastethernet, gigabit ethernet, or tengigabitethernet.
Apply the default ACL.
Configures web-based authentication on the specified interface.
Return to configuration mode.
Enables the IP device tracking table.
Return to privileged EXEC mode.
Display the configuration.
(Optional) Save your entries in the configuration file.
Chapter 11
Configuring Web-Based Authentication
OL-26520-01