In this lesson, we will focus on one of the important authentication methods covered in CCNP ENCOR Exam. This is WebAuth (Web Authentication). Here, we will learn what is WebAuth, why we use it and what are the types of WebAuth. Now, let’s start with what is WebAuth first.
Table of Contents
WebAuth (Web Authentication) is an authentication method generally used as fallback authentication method. This authentication method needs a interactive user to enter the user credentials to the web browser. So, this authentication type is usable for the end devices which has user. It is not an authentication method for a printer, a security cam or any other device which has no user.
In the system which uses WebAuth, users need to be authenticated first to access the network. Before this authentication, only DNS/DHCP traffic is passed.
With this authentication method, user must use a browser to access WebAuth content. After accessing this content, user enters his/her username and password to access the system. User credentials are sent from the authenticator switch or WLC to the RADIUS Server via RADIUS Access-Request Message. These credentials can be the existing user credentials stored in Active Directory or they can be guest user credentials. WebAuth is generally used for guest authentication for Wi-Fi access.
WebAuth (Web Authentication) can be used with other authentication methods like PSK (Pre-Shared Key), EAP (Extensible Authentication Protocol) etc.
There are two different types of WebAuth. These types are given below:
For small networks, WebAuth can be locally managed, LWA (Local Web Authentication) can be used.
For large networks with several WLCs, WebAuth uses a centralized database on an external database on a RADIUS server, like Cisco Identity Services Engine (ISE).
Let’s learn each of these WebAuth types detailly.
LWA (Local Web Authentication) is the first authentication type of WebAuth. In other words, firstly, LWA (Local Web Authentication) was developed. In Web Authentication type, WLC or the switch redirects web traffic to the locally hosted web portal where users can enter their username and password to authenticate on the system. After this process, the user credentials are sent to the RADIUS Server with an Access-Request Message.
LWA (Local Web Authentication) is ideal for small networks.
There are different ways of LWA setup. These are given below:
CWA (Centralised Web Authentication) with ISE, is the second Web Authentication type. CWA was developed to overcome the limitations of LWA. Centralised Web Authentication provides some advance services like below:
CWA (Centralised Web Authentication) is ideal for large networks which uses a centralized database on an external database on a RADIUS server, like Cisco Identity Services Engine (ISE).
There are some common steps for CWA (Centralised Web Authentication). These steps are given below:
Using Web Authentication has several benefits. So, what are the benefits of WebAuth?These benefits are given below:
These are some benefits of this WebAuth authentication type. It is very important especially for todays’s network access.