Cisco Systems 3560-X, 3750-X Web Authentication Customizable Web Pages

12-6

Catalyst 3750-X and 3560-X Switch Software Configuration Guide

OL-21521-01

Chapter 12 Configuring Web-Based Authentication

Understanding Web-Based Authentication

Web Authentication Customizable Web Pages

During the web-based authentication process, the switch internal HTTP server hosts four HTML pages

to deliver to an authenticating client. The server uses these pages to notify you of these

four-authentication process states:

• Login—Your credentials are requested.

• Success—The login was successful.

• Fail—The login failed.

• Expire—The login session has expired because of excessive login failures.

• You can substitute your own HTML pages for the default internal HTML pages.

• You can use a logo or specify text in the login, success, failure, and expire web pages.

• On the banner page, you can specify text in the login page.

• The pages are in HTML.

• You must include an HTML redirect command in the success page to access a specific URL.

• The URL string must be a valid URL (for example, http://www.cisco.com). An incomplete URL

might cause page not found or similar errors on a web browser.

• If you configure web pages for HTTP authentication, they must include the appropriate HTML

commands (for example, to set the page time out, to set a hidden password, or to confirm that the

same page is not submitted twice).

• The CLI command to redirect users to a specific URL is not available when the configured login

form is enabled. The administrator should ensure that the redirection is configured in the web page.

• If the CLI command redirecting users to specific URL after authentication occurs is entered and then

the command configuring web pages is entered, the CLI command redirecting users to a specific

URL does not take effect.

• Configured web pages can be copied to the switch boot flash or flash.

• On stackable switches, configured pages can be accessed from the flash on the stack master or

members.

• The login page can be on one flash, and the success and failure pages can be another flash (for

example, the flash on the stack master or a member).

• You must configure all four pages.

• The banner page has no effect if it is configured with the web page.

• All of the logo files (image, flash, audio, video, and so on) that are stored in the system directory

(for example, flash, disk0, or disk) and that must be displayed on the login page must use

web_auth_<filename> as the file name.

• The configured authentication proxy feature supports both HTTP and SSL.

You can substitute your HTML pages, as shown inFigure 12-5 on page 12-7, for the default internal

HTML pages. You can also specify a URL to which users are redirected after authentication occurs,

which replaces the internal Success page.