14-7
Cisco IE 2000 Switch Software Configuration Guide
OL-25866-01
Chapter 14 Configuring Web-Based Authentication
Information About Configuring Web-Based Authentication
• If you configure web pages for HTTP authentication, they must include the appropriate HTML
commands (for example, to set the page time out, to set a hidden password, or to confirm that the
same page is not submitted twice).
• The CLI command to redirect users to a specific URL is not available when the configured login
form is enabled. The administrator should ensure that the redirection is configured in the web page.
• If the CLI command redirecting users to a specific URL after authentication occurs is entered and
then the command configuring web pages is entered, the CLI command redirecting users to a
specific URL does not take effect.
• Configured web pages can be copied to the switch boot flash or flash.
• Configured pages can be accessed from the flash on the stack master or members.
• The login page can be on one flash, and the success and failure pages can be another flash (for
example, the flash on the stack master or a member).
• You must configure all four pages.
• The banner page has no effect if it is configured with the web page.
• All of the logo files (image, flash, audio, video, and so on) that are stored in the system directory
(for example, flash, disk0, or disk) and that must be displayed on the login page must use
web_auth_filename as the filename.
• The configured authentication proxy feature supports both HTTP and SSL.
When configuring customized authentication proxy web pages, follow these guidelines:
• To enable the custom web pages feature, specify all four custom HTML files. If you specify fewer
than four files, the internal default HTML pages are used.
• The four custom HTML files must be present on the flash memory of the switch. The maximum size
of each HTML file is 8 KB.
• Any images on the custom pages must be on an accessible HTTP server. Configure an intercept ACL
within the admission rule.
• Any external link from a custom page requires configuration of an intercept ACL within the
admission rule.
• To access a valid DNS server, any name resolution required for external links or images requires
configuration of an intercept ACL within the admission rule.
• If the custom web pages feature is enabled, a configured auth-proxy-banner is not used.
• If the custom web pages feature is enabled, the redirection URL for successful login feature is not
available.
• To remove the specification of a custom file, use the no form of the command.
Because the custom login page is a public web form, consider these guidelines for the page:
• The login form must accept user entries for the username and password and must show them as
uname and pwd.
• The custom login page should follow best practices for a web form, such as page timeout, hidden
password, and prevention of redundant submissions.
You can substitute your HTML pages, as shown in Figure 14-5, for the default internal HTML pages.
You can also specify a URL to which users are redirected after authentication occurs, which replaces the
internal Success page.