Support User Manuals

Cisco Systems 2960 Model Vehicle User Manual

Open as PDF

of 1004

11-15

Catalyst 2960 and 2960-S Switch Software Configuration Guide

OL-8603-09

Chapter 11 Configuring Web-Based Authentication

Configuring Web-Based Authentication

Specifying a Redirection URL for Successful Login

You can specify a URL to which the user is redirected after authentication, effectively replacing the

internal Success HTML page.

When configuring a redirection URL for successful login, consider these guidelines:

• If the custom authentication proxy web pages feature is enabled, the redirection URL feature is

disabled and is not available in the CLI. You can perform redirection in the custom-login success

page.

• If the redirection URL feature is enabled, a configured auth-proxy-banner is not used.

• To remove the specification of a redirection URL, use the no form of the command.

This example shows how to configure a redirection URL for successful login:

Switch(config)# ip admission proxy http success redirect www.cisco.com

This example shows how to verify the redirection URL for successful login:

Switch# show ip admission configuration

Authentication Proxy Banner not configured

Customizable Authentication Proxy webpage not configured

HTTP Authentication success redirect to URL: http://www.cisco.com

Authentication global cache time is 60 minutes

Authentication global absolute time is 0 minutes

Authentication global init state time is 2 minutes

Authentication Proxy Watch-list is disabled

Authentication Proxy Max HTTP process is 7

Authentication Proxy Auditing is disabled

Max Login attempts per user is 5

Configuring an AAA Fail Policy

This example shows how to apply an AAA failure policy:

Switch(config)# ip admission name AAA_FAIL_POLICY proxy http event timeout aaa policy

identity GLOBAL_POLICY1

Command Purpose

ip admission proxy http success redirect url-string Specify a URL for redirection of the user in place of the

default login success page.

Command Purpose

Step 1

ip admission name rule-name proxy

http event timeout aaa policy identity

identity_policy_name

Create an AAA failure rule and associate an identity policy to be apply to

sessions when the AAA server is unreachable.

Note To remove the rule, use the no ip admission name rule-name

proxy http event timeout aaa policy identity global

configuration command.

Step 2

ip admission ratelimit aaa-down

number_of_sessions

(Optional) Rate-limit the authentication attempts from hosts in the

AAA down state to avoid flooding the AAA server when it returns to

service.

previous next