Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 10 Configuring Web-Based Authentication
Configuring Web-Based Authentication
When configuring customized authentication proxy web pages, follow these guidelines:
• To enable the custom web pages feature, specify all four custom HTML files. If you specify fewer than four files, the internal default HTML pages are used.
• The four custom HTML files must be present on the flash memory of the switch. The maximum size of each HTML file is 8 KB.
• Any images on the custom pages must be on an accessible HTTP server. Configure an intercept ACL within the admission rule.
• Any external link from a custom page requires configuration of an intercept ACL within the admission rule.
• To access a valid DNS server, any name resolution required for external links or images requires configuration of an intercept ACL within the admission rule.
• If the custom web pages feature is enabled, a configured auth-proxy-banner is not used.
• If the custom web pages feature is enabled, the redirection URL for successful login feature is not available.
• To remove the specification of a custom file, use the no form of the command.
Because the custom login page is a public web form, consider these guidelines for the page:
• The login form must accept user entries for the username and password and must show them as uname and pwd.
• The custom login page should follow best practices for a web form, such as page timeout, hidden password, and prevention of redundant submissions.
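A pre-deployment check for the guidelines in both lists above, written as an added example that is not part of the Cisco guide. It verifies the 8 KB limit and the uname and pwd fields, and lists the external hosts that the intercept ACL has to cover. The function name, the sample page, and the rule that a relative image path counts as a violation are assumptions of this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_BYTES = 8 * 1024  # the guide limits each custom HTML file to 8 KB

# Constructed sample page (not from the guide): pwd is visible, image is relative.
SAMPLE_PAGE = b"""<html><body><form method="post">
<input type="text" name="uname"><input type="text" name="pwd">
<img src="logo.gif"><a href="http://helpdesk.example.com/reset">Help</a>
</form></body></html>"""


class _Scan(HTMLParser):
    """Collect named input fields, image sources and link targets."""
    def __init__(self):
        super().__init__()
        self.inputs, self.images, self.links = {}, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name"):
            self.inputs[a["name"]] = (a.get("type") or "text").lower()
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def lint_login_page(html_bytes):
    """Return (problems, external_hosts) for a candidate custom login page."""
    problems = []
    if len(html_bytes) > MAX_BYTES:
        problems.append(f"file is {len(html_bytes)} bytes; limit is {MAX_BYTES}")
    scan = _Scan()
    scan.feed(html_bytes.decode("utf-8", errors="replace"))
    for field in ("uname", "pwd"):
        if field not in scan.inputs:
            problems.append(f"no input named {field}")
    if scan.inputs.get("pwd", "password") != "password":
        problems.append("pwd input is not type=password")
    hosts = set()  # hosts the intercept ACL must let unauthenticated clients reach
    for src in scan.images:
        host = urlparse(src).hostname
        if host:
            hosts.add(host)
        else:  # assumption: a relative path means the image is not on an HTTP server
            problems.append(f"image {src} is not served from an external host")
    hosts.update(h for h in (urlparse(l).hostname for l in scan.links) if h)
    return problems, sorted(hosts)
```

Any host returned by name rather than by IP address also implies that DNS must be reachable through the intercept ACL, per the guideline above.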
This example shows how to configure custom authentication proxy web pages:
Switch(config)# ip admission proxy http login page file flash:login.htm
Switch(config)# ip admission proxy http success page file flash:success.htm
Switch(config)# ip admission proxy http fail page file flash:fail.htm
Switch(config)# ip admission proxy http login expired page file flash:expired.htm
This example shows how to verify the configuration of custom authentication proxy web pages:
Switch# show ip admission configuration
Authentication proxy webpage
Login page : flash:login.htm
Success page : flash:success.htm
Fail Page : flash:fail.htm
Login expired Page : flash:expired.htm
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Session ratelimit is 100
Authentication Proxy Watch-list is disabled
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
         Command                                                                  Purpose
Step 3   ip admission proxy http failure page file device:fail-filename           Specify the location of the custom HTML file to use in place of the default login failure page.
Step 4   ip admission proxy http login expired page file device:expired-filename  Specify the location of the custom HTML file to use in place of the default login expired page.