Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 14
Configuring Web-Based Authentication

Finding Feature Information

Your software release may not support all the features documented in this chapter. For the latest feature
information and caveats, see the release notes for your platform and software release.
Use Cisco Feature Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on
Cisco.com is not required.

Prerequisites for Configuring Web-Based Authentication

By default, the IP device tracking feature is disabled on a switch. You must enable the IP device
tracking feature to use web-based authentication.
You must configure at least one IP address to run the switch HTTP server. You must also configure
routes to reach each host IP address. The HTTP server sends the HTTP login page to the host.
You must configure the default ACL on the interface before configuring web-based authentication.
Configure a port ACL for a Layer 2 interface.

Restrictions for Configuring Web-Based Authentication on the IE 2000 Switch

Web-based authentication is an ingress-only feature.
You can configure web-based authentication only on access ports. Web-based authentication is not
supported on trunk ports, EtherChannel member ports, or dynamic trunk ports.
You cannot authenticate hosts on Layer 2 interfaces with static ARP cache assignment. These hosts
are not detected by the web-based authentication feature because they do not send ARP messages.
Hosts that are more than one hop away might experience traffic disruption if an STP topology
change results in the host traffic arriving on a different port. This occurs because the ARP and DHCP
updates might not be sent after a Layer 2 (STP) topology change.
Web-based authentication does not support VLAN assignment as a downloadable-host policy.
Web-based authentication is not supported for IPv6 traffic.
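
The prerequisites and restrictions above can be checked against a saved running-config before web-based authentication is rolled out. The Python audit below is an added example, not part of the Cisco guide. The IOS command strings it matches (ip device tracking, ip http server, ip admission, ip access-group ... in, channel-group) are assumed from general Cisco IOS usage rather than quoted from this page, and the sample configuration is constructed.

```python
# Constructed sample running-config (not from the guide). Command names are
# assumed from general Cisco IOS usage; interface and ACL names are hypothetical.
SAMPLE_CONFIG = """\
ip device tracking
ip http server
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
interface FastEthernet1/1
 switchport mode access
 ip access-group PRE-AUTH in
 ip admission WEBAUTH
interface FastEthernet1/2
 switchport mode trunk
 channel-group 1 mode on
 ip admission WEBAUTH
"""

def parse(config):
    """Split a config into global commands and per-interface command lists."""
    globals_, ifaces, cur = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:  # any unindented line ends the current interface block
            cur = None
            globals_.append(line.strip())
    return globals_, ifaces

def audit_webauth(config):
    """Return findings; an empty list means every check passed."""
    glob, ifaces = parse(config)
    findings = []
    if "ip device tracking" not in glob:
        findings.append("global: IP device tracking is disabled")
    if "ip http server" not in glob:
        findings.append("global: HTTP server is not enabled")
    if not any(c.startswith("ip address ") for cmds in ifaces.values() for c in cmds):
        findings.append("global: no IP address configured for the HTTP server")
    for name, cmds in ifaces.items():
        if not any(c.startswith("ip admission ") for c in cmds):
            continue  # web-based authentication is not enabled on this port
        if "switchport mode access" not in cmds:
            findings.append(f"{name}: web auth on a port not set to access mode")
        if any(c.startswith("channel-group ") for c in cmds):
            findings.append(f"{name}: web auth on an EtherChannel member port")
        if not any(c.startswith("ip access-group ") and c.endswith(" in") for c in cmds):
            findings.append(f"{name}: no default ingress port ACL")
    return findings
```

Calling audit_webauth(SAMPLE_CONFIG) reports three findings for FastEthernet1/2 and none for FastEthernet1/1.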