52-12
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 52 Configuring Web-Based Authentication
Configuring Web-Based Authentication
• Any external link from a custom page requires configuration of an intercept ACL within the
admission rule.
• Any name resolution required for external links or images requires configuration of an intercept
ACL within the admission rule to access a valid DNS server.
• If the custom web pages feature is enabled, a configured auth-proxy-banner is not used.
• If the custom web pages feature is enabled, the redirection URL for successful login feature is not
available.
• To remove the specification of a custom file, use the no form of the command.
Because the custom login page is a public web form, consider the following guidelines for this page:
• The login form must accept user input for the username and password and must POST the data as
uname and pwd.
• The custom login page should follow best practices for a web form, such as page timeout, hidden
password, and prevention of redundant submissions.
The following example shows how to configure custom authentication proxy web pages:
Switch(config)# ip admission proxy http login page file disk1:login.htm
Switch(config)# ip admission proxy http success page file disk1:success.htm
Switch(config)# ip admission proxy http fail page file disk1:fail.htm
Switch(config)# ip admission proxy http login expired page file disk1:expired.htm
The following example shows how to verify the configuration of custom authentication proxy web pages:
Switch# show ip admission configuration
Authentication proxy webpage
Login page : disk1:login.htm
Success page : disk1:success.htm
Fail Page : disk1:fail.htm
Login expired Page : disk1:expired.htm
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Session ratelimit is 100
Authentication Proxy Watch-list is disabled
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
Specifying a Redirection URL for Successful Login
With Cisco IOS Release 12.2(50)SG, you have the option to specify a URL to which the user is
redirected upon successful authentication, effectively replacing the internal Success HTML page.
To specify a redirection URL for successful login, perform this task:
When configuring a redirection URL for successful login, consider the following guidelines:
Command Purpose
Switch(config)# ip admission proxy http success
redirect url-string
Specifies a URL for redirection of the user in place of the
default login success page.
To Next Page
Loading...
