Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01

CHAPTER 12
Configuring Web-Based Authentication
This chapter describes how to configure web-based authentication on the Catalyst 3750-X or 3560-X
switch. It contains these sections:

- Understanding Web-Based Authentication
- Configuring Web-Based Authentication
- Displaying Web-Based Authentication Status

Note: For complete syntax and usage information for the switch commands used in this chapter, refer to the
command reference for this release.

Understanding Web-Based Authentication

Use the web-based authentication feature, known as web authentication proxy, to authenticate end users
on host systems that do not run the IEEE 802.1x supplicant.

Note: You can configure web-based authentication on Layer 2 and Layer 3 interfaces. Layer 3 interfaces are
not supported on switches running the LAN base feature set.

When you initiate an HTTP session, web-based authentication intercepts ingress HTTP packets from the
host and sends an HTML login page to the users. The users enter their credentials, which the web-based
authentication feature sends to the authentication, authorization, and accounting (AAA) server for
authentication.

If authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host
and applies the access policies returned by the AAA server.

If authentication fails, web-based authentication forwards a Login-Fail HTML page to the user,
prompting the user to retry the login. If the user exceeds the maximum number of attempts, web-based
authentication forwards a Login-Expired HTML page to the host, and the user is placed on a watch list
for a waiting period.
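
The login flow described above, modeled as a small state machine. This is an added example, not Cisco code or switch configuration. MAX_ATTEMPTS, WATCH_PERIOD, the WebAuthProxy class, and the behavior of a host while it is on the watch list are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed values for illustration; they are not the switch defaults.
MAX_ATTEMPTS = 3     # failed logins tolerated before Login-Expired
WATCH_PERIOD = 120   # seconds a host stays on the watch list


@dataclass
class WebAuthProxy:
    """Toy model of the web-based authentication flow (hypothetical class)."""
    aaa_users: dict                                  # stand-in AAA server: user -> (password, policy)
    failures: dict = field(default_factory=dict)     # host -> consecutive failed logins
    watch_list: dict = field(default_factory=dict)   # host -> time the waiting period ends
    policies: dict = field(default_factory=dict)     # host -> access policy applied

    def http_request(self, host, now):
        """Ingress HTTP from a host: forward if authenticated, else intercept."""
        if host in self.policies:
            return "forward"
        if self.watch_list.get(host, 0) > now:
            return "Login-Expired"       # assumption: no login page while waiting
        return "Login"

    def submit(self, host, user, password, now):
        """Credentials posted from the login page; returns the page sent back."""
        if self.watch_list.get(host, 0) > now:
            return "Login-Expired"       # assumption: credentials are not checked
        self.watch_list.pop(host, None)  # waiting period is over
        record = self.aaa_users.get(user)
        if record and hmac.compare_digest(record[0].encode(), password.encode()):
            self.failures.pop(host, None)
            self.policies[host] = record[1]   # policy returned by the AAA server
            return "Login-Successful"
        self.failures[host] = self.failures.get(host, 0) + 1
        if self.failures[host] > MAX_ATTEMPTS:    # user "exceeds" the maximum
            self.failures.pop(host)
            self.watch_list[host] = now + WATCH_PERIOD
            return "Login-Expired"
        return "Login-Fail"
```

In this model a host on the watch list cannot authenticate even with valid credentials until the waiting period ends, which is what makes the attempt limit useful against password guessing.
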

These sections describe the role of web-based authentication as part of AAA:

- Device Roles
- Host Detection
- Session Creation