11-15
Catalyst 2960 and 2960-S Switch Software Configuration Guide
OL-8603-09
Chapter 11 Configuring Web-Based Authentication
Configuring Web-Based Authentication

Specifying a Redirection URL for Successful Login

You can specify a URL to which the user is redirected after authentication, effectively replacing the
internal Success HTML page.
When configuring a redirection URL for successful login, consid er these guidelines:
If the custom authentication proxy web pages feature is enabled, the redirection URL feature is
disabled and is not available in the CLI. You can perform redirection in the custom-login success
page.
If the redirection URL feature is enabled, a configured auth-proxy-banner is not used.
To remove the specification of a redirection URL, use the no form of the command.
This example shows how to configure a redirection URL for successful login:
Switch(config)# ip admission proxy http success redirect www.cisco.com
This example shows how to verify the redirection URL for successful login:
Switch# show ip admission configuration
Authentication Proxy Banner not configured
Customizable Authentication Proxy webpage not configured
HTTP Authentication success redirect to URL: http://www.cisco.com
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Watch-list is disabled
Authentication Proxy Max HTTP process is 7
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
Configuring an AAA Fail Policy
This example shows how to apply an AAA failure policy:
Switch(config)# ip admission name AAA_FAIL_POLICY proxy http event timeout aaa policy
identity GLOBAL_POLICY1
Command Purpose
ip admission proxy http success redirect url-string Specify a URL for redirection of the user in place of the
default login success page.
Command Purpose
Step 1 ip admission name rule-name proxy
http event timeout aaa policy identity
identity_policy_name
Create an AAA failure rule and associate an identity policy to be apply to
sessions when the AAA server is unreachable.
Note To remove the rule, use the no ip admission name rule-name
proxy http event timeout aaa policy identity global
configuration command.
Step 2 ip admission ratelimit aaa-down
number_of_sessions
(Optional) Rate-limit the authentication attempts from hosts in the
AAA down state to avoid flooding the AAA server when it returns to
service.