10-15
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 10 Configuring Web-Based Authentication
Configuring Web-Based Authentication
Specifying a Redirection URL for Successful Login
You can specify a URL to which the user is redirected after authentication, effectively replacing the
internal S
uccess
HTML page.
When configuring a redirection URL for successful login, consider these guidelines:
•
If the custom authentication proxy web pages feature is enabled, the redirection URL feature is
disabled and is not available in the CLI. You can perform redirection in the custom-login success
page.
•
If the redirection URL feature is enabled, a configured auth-proxy-banner is not used.
•
To remove the specification of a redirection URL, use the
no
form of the command.
This example shows how to configure a redirection URL for successful login:
Switch(config)#
ip admission proxy http success redirect www.cisco.com
This example shows how to verify the redirection URL for successful login:
Switch#
show ip admission configuration
Authentication Proxy Banner not configured
Customizable Authentication Proxy webpage not configured
HTTP Authentication success redirect to URL: http://www.cisco.com
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Watch-list is disabled
Authentication Proxy Max HTTP process is 7
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
Configuring an AAA Fail Policy
This example shows how to apply an AAA failure policy:
Switch(config)#
ip admission name AAA_FAIL_POLICY proxy http event timeout aaa policy
identity GLOBAL_POLICY1
Command
Purpose
ip admission proxy http success redirect
url-string
Specify a URL for redirection of the user in place of the
default login success page.
Command
Purpose
Step 1
ip admission name
rule-name
proxy
http event timeout aaa policy identity
identity_policy_name
Create an AAA failure rule and associate an identity policy to be apply to
sessions when the AAA server is unreachable.
Note
To remove the rule, use the
no ip admission name
rule-name
proxy http event timeout aaa policy
identity
global
configuration command.
Step 2
ip admission ratelimit aaa-down
number_of_sessions
(Optional) Rate-limit the authentication attempts from hosts in the
AAA down state to avoid flooding the AAA server when it returns to
service.