Cisco Systems 3560X Manual De Usuario

With web-based authentication, the devices in the network have these specific roles:

—The device (workstation) that requests access to the LAN and the services and responds to 

requests from the switch. The workstation must be running an HTML browser with Java Script 
enabled.

—Authenticates the client. The authentication server validates the identity of 

the client and notifies the switch that the client is authorized to access the LAN and the switch 
services or that the client is denied.

—Controls the physical access to the network based on the authentication status of the client. 

The switch acts as an intermediary (proxy) between the client and the authentication server, 
requesting identity information from the client, verifying that information with the authentication 
server, and relaying a response to the client.

 shows the roles of these devices in a network:

The switch maintains an IP device tracking table to store information about detected hosts.

By default, the IP device tracking feature is disabled on a switch. You must enable the IP device tracking 
feature to use web-based authentication.

For Layer 2 interfaces, web-based authentication detects IP hosts by using these mechanisms:

ARP based trigger—ARP redirect ACL allows web-based authentication to detect hosts with a static 
IP address or a dynamic IP address.

Dynamic ARP inspection

DHCP snooping—Web-based authentication is notified when the switch creates a DHCP-binding 
entry for the host.

Workstations

(clients)

Catalyst switch

or

Cisco Router

Authentication

server

(RADIUS)

79549