Use the web-based authentication feature, known as web authentication proxy, to authenticate end users on host systems that do not run the IEEE 802.1x supplicant. You can configure web-based authentication on Layer 2 and Layer 3 interfaces.

When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the host and sends an HTML login page to the users. The users enter their credentials, which the web-based authentication feature sends to the authentication, authorization, and accounting (AAA) server for authentication.
If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host and applies the access policies returned by the AAA server.
If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user, prompting the user to retry the login. If the user exceeds the maximum number of attempts, web-based authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list for a waiting period.

This example shows how to enable web-based authentication

Switch(config)# ip admission name webauth1 proxy http

Switch(config)# interface fastethernet 5/1

Switch(config-if)# ip admission webauth1

Switch(config-if)# exit

Switch(config)# ip device tracking

This example shows how to verify the configuration:

Switch# show ip admission configuration

Authentication Proxy Banner not configured

Authentication global cache time is 60 minutes

Authentication global absolute time is 0 minutes

Authentication global init state time is 2 minutes

Authentication Proxy Watch-list is disabled

Authentication Proxy Rule Configuration

Auth-proxy name webauth1

http list not specified inactivity-time 60 minutes

Authentication Proxy Auditing is disabled

Max Login attempts per user is 5

Post By Gishore J Kallarackal (2,121 Posts)

Gishore J Kallarackal is the founder of techgurulive. The purpose of this site is to share information about free resources that techies can use for reference. You can follow me on the social web, subscribe to the RSS Feed or sign up for the email newsletter for your daily dose of tech tips & tutorials. You can content me via @twitter or e-mail.

Website: → Techgurulive