10-6
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 10 Configuring Web-Based Authentication
Understanding Web-Based Authentication
Web Authentication Customizable Web Pages
During the web-based authentication process, the switch internal HTTP server hosts four HTML pages
to deliver to an authenticating client. The server uses these pages to notify you of these
four-authentication process states:
•
Login—Your credentials are requested.
•
Success—The login was successful.
•
Fail—The login failed.
•
Expire—The login session has expired because of excessive login failures.
Guidelines
•
You can substitute your own HTML pages for the default internal HTML pages.
•
You can use a logo or specify text in the
login
,
success
,
failure
, and
expire
web pages.
•
On the banner page, you can specify text in the login page.
•
The pages are in HTML.
•
You must include an HTML redirect command in the success page to access a specific URL.
•
The URL string must be a valid URL (for example, http://www.cisco.com). An incomplete URL
might cause
page not found
or similar errors on a web browser.
•
If you configure web pages for HTTP authentication, they must include the appropriate HTML
commands (for example, to set the page time out, to set a hidden password, or to confirm that the
same page is not submitted twice).
•
The CLI command to redirect users to a specific URL is not available when the configured login
form is enabled. The administrator should ensure that the redirection is configured in the web page.
•
If the CLI command redirecting users to specific URL after authentication occurs is entered and then
the command configuring web pages is entered, the CLI command redirecting users to a specific
URL does not take effect.
•
Configured web pages can be copied to the switch boot flash or flash.
•
Configured pages can be accessed from the flash on the stack master or members.
•
The login page can be on one flash, and the success and failure pages can be another flash (for
example, the flash on the stack master or a member).
•
You must configure all four pages.
•
The banner page has no effect if it is configured with the web page.
•
All of the logo files (image, flash, audio, video, and so on) that are stored in the system directory
(for example, flash, disk0, or disk) and that must be displayed on the login page must use
web_auth_<filename>
as the file name.
•
The configured authentication proxy feature supports both HTTP and SSL.
You can substitute your HTML pages, as shown in
, for the default internal
HTML pages. You can also specify a URL to which users are redirected after authentication occurs,
which replaces the internal Success page.