Re: 802.1x & Web Authentication

jain.nitin · ‎08-23-2009

Dear All, Can any one help me to understand concept of web authentication. Can it be used for Guest users authentication whose pcs are not 802.1x capable. Can they be groupd ina vlan based on user name & password via web-authentication. My requirement is to use 802.1x in network for coporate users & for guest users. If corporate users are authenticated then they will be placed in corporate vlan. which is working quite well. if guest users are from same company they should be placed in same vlan somehow & if guests are from different company then they should be placed in different vlans based on credentials remember guest laptops are not 802.1x enable/capable.

any one has idea how to achieve this without NAC hardware.

smahbub · ‎08-28-2009

You can use the web-based authentication feature to authenticate end users on host systems that do not run the IEEE 802.1X supplicant. You can configure the web-based authentication feature on Layer 2 and Layer 3 interfaces.

When a user initiates an HTTP session, the web-based authentication feature intercepts ingress HTTP packets from the host and sends an HTML login page to the user. The user keys in their credentials, which the web-based authentication feature sends to the AAA server for authentication. If the authentication succeeds, web-based authentication sends a Login-Successful HTML page to the host and applies the access policies returned by the AAA server.

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/webauth.html#wp1067205