11-16
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 11 Configuring Web-Based Authentication
Configuring Web-Based Authentication
This example shows how to determine whether any connected hosts are in the AAA Down state:
Switch# show ip admission cache
Authentication Proxy Cache
Client IP 209.165.201.11 Port 0, timeout 60, state ESTAB (AAA Down)
This example shows how to view detailed information about a particular session based on the host IP
address:
Switch# show ip admission cache 209.165.201.11
Address : 209.165.201.11
MAC Address : 0000.0000.0000
Interface : Vlan333
Port : 3999
Timeout : 60
Age : 1
State : AAA Down
AAA Down policy : AAA_FAIL_POLICY
Configuring the Web-Based Authentication Parameters
You can configure the maximum number of failed login attempts before the client is placed in a watch
list for a waiting period.
This example shows how to set the maximum number of failed login attempts to 10:
Switch(config)# ip admission max-login-attempts 10
Configuring a Web Authentication Local Banner
Beginning in privileged EXEC mode, follow these steps to configure a local banner on a switch that has
web authentication configured.
Command Purpose
Step 1
ip admission max-login-attempts number Set the maximum number of failed login attempts. The
range is 1 to 2147483647 attempts. The default is 5.
Step 2
end Returns to privileged EXEC mode.
Step 3
show ip admission configuration Display the authentication proxy configuration.
Step 4
show ip admission cache Display the list of authentication entries.
Step 5
copy running-config startup-config (Optional) Save your entries in the configuration file.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
ip admission auth-proxy-banner http
[banner-text | file-path]
Enable the local banner.
(Optional) Create a custom banner by entering C banner-text C, where
C is a delimiting character or a file-path indicates a file (for example, a
logo or text file) that appears in the banner.