Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 11 Configuring Web-Based Authentication
Configuring Web-Based Authentication
When configuring customized authentication proxy web pages, follow these guidelines:
• To enable the custom web pages feature, specify all four custom HTML files. If you specify fewer
  than four files, the internal default HTML pages are used.
• The four custom HTML files must be present on the flash memory of the switch. The maximum size
  of each HTML file is 8 KB.
• Any images on the custom pages must be on an accessible HTTP server. Configure an intercept ACL
  within the admission rule.
• Any external link from a custom page requires configuration of an intercept ACL within the
  admission rule.
• To access a valid DNS server, any name resolution required for external links or images requires
  configuration of an intercept ACL within the admission rule.
• If the custom web pages feature is enabled, a configured auth-proxy-banner is not used.
• If the custom web pages feature is enabled, the redirection URL for successful login feature is not
  available.
• To remove the specification of a custom file, use the no form of the command.
Because the custom login page is a public web form, consider these guidelines for the page:
• The login form must accept user entries for the username and password and must show them as
  uname and pwd.
• The custom login page should follow best practices for a web form, such as page timeout, hidden
  password, and prevention of redundant submissions.
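An added example, not part of the Cisco guide: a pre-deployment check in Python that tests a custom page against the guidelines above (the 8 KB size limit, login inputs named uname and pwd, a hidden password field) and lists the external hosts that the intercept ACL and DNS access must cover. The function name check_page, the sample page and the host images.example.com are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_BYTES = 8 * 1024  # guide: maximum size of each HTML file is 8 KB


class _PageScan(HTMLParser):
    """Collect input fields and external hosts referenced by a page."""

    def __init__(self):
        super().__init__()
        self.inputs = {}    # input name -> type attribute
        self.hosts = set()  # hosts behind external links and images

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("name"):
            self.inputs[a["name"]] = a.get("type", "text").lower()
        for key in ("src", "href"):
            host = urlparse(a.get(key, "")).hostname
            if host:  # relative references have no host and stay local
                self.hosts.add(host)


def check_page(html: bytes, is_login: bool = False):
    """Return (problems, external_hosts) for one custom page."""
    problems = []
    if len(html) > MAX_BYTES:
        problems.append(f"{len(html)} bytes exceeds the 8 KB limit")
    scan = _PageScan()
    scan.feed(html.decode("utf-8", errors="replace"))
    if is_login:
        for field in ("uname", "pwd"):
            if field not in scan.inputs:
                problems.append(f"login form has no input named {field}")
        if scan.inputs.get("pwd", "password") != "password":
            problems.append("pwd input is not type=password (password not hidden)")
    return problems, sorted(scan.hosts)


# Constructed sample login page (hypothetical, not from the guide).
SAMPLE_LOGIN = b"""<html><body>
<img src="http://images.example.com/logo.png">
<form method="post">
<input type="text" name="uname">
<input type="text" name="pwd">
<input type="submit" value="Log in">
</form></body></html>"""

if __name__ == "__main__":
    print(check_page(SAMPLE_LOGIN, is_login=True))
```

Every host the check reports must be permitted by the intercept ACL in the admission rule, and a host given by name also needs DNS access permitted there.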
This example shows how to configure custom authentication proxy web pages:
Switch(config)# ip admission proxy http login page file flash:login.htm
Switch(config)# ip admission proxy http success page file flash:success.htm
Switch(config)# ip admission proxy http fail page file flash:fail.htm
Switch(config)# ip admission proxy http login expired page file flash:expired.htm
This example shows how to verify the configuration of custom authentication proxy web pages:
Switch# show ip admission configuration
Authentication proxy webpage
Login page : flash:login.htm
Success page : flash:success.htm
Fail Page : flash:fail.htm
Login expired Page : flash:expired.htm
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Session ratelimit is 100
Authentication Proxy Watch-list is disabled
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
        Command                                           Purpose
Step 3  ip admission proxy http failure page file         Specify the location of the custom HTML file to use in
        device:fail-filename                              place of the default login failure page.
Step 4  ip admission proxy http login expired page file   Specify the location of the custom HTML file to use in
        device:expired-filename                           place of the default login expired page.