Configuring Web-Based Authentication
Command
Step 3
ip admission proxy http failure page file
device:fail-filename
Step 4
ip admission proxy http login expired page
file device:expired-filename
When configuring customized authentication proxy web pages, follow these guidelines:
•
•
•
•
•
•
•
•
Because the custom login page is a public web form, consider these guidelines for the page:
•
•
This example shows how to configure custom authentication proxy web pages:
Switch(config)# ip admission proxy http login page file flash:login.htm
Switch(config)# ip admission proxy http success page file flash:success.htm
Switch(config)# ip admission proxy http fail page file flash:fail.htm
Switch(config)# ip admission proxy http login expired page flash flash:expired.htm
This example shows how to verify the configuration of a custom authentication proxy web pages:
Switch# show ip admission configuration
Authentication proxy webpage
Login page
Success page
Fail Page
Login expired Page
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Session ratelimit is 100
Authentication Proxy Watch-list is disabled
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-14
To enable the custom web pages feature, specify all four custom HTML files. If you specify fewer
than four files, the internal default HTML pages are used.
The four custom HTML files must be present on the flash memory of the switch. The maximum size
of each HTML file is 8 KB.
Any images on the custom pages must be on an accessible HTTP server. Configure an intercept ACL
within the admission rule.
Any external link from a custom page requires configuration of an intercept ACL within the
admission rule.
T o access a valid DNS server, any name resolution required for external links or images requires
configuration of an intercept ACL within the admission rule.
If the custom web pages feature is enabled, a configured auth-proxy-banner is not used.
If the custom web pages feature is enabled, the redirection URL for successful login feature is not
available.
To remove the specification of a custom file, use the no form of the command.
The login form must accept user entries for the username and password and must show them as
uname and pwd.
The custom login page should follow best practices for a web form, such as page timeout, hidden
password, and prevention of redundant submissions.
: flash:login.htm
: flash:success.htm
: flash:fail.htm
: flash:expired.htm
Purpose
Specify the location of the custom HTML file to use in place of the
default login failure page.
Specify the location of the custom HTML file to use in place of the
default login expired page.
Chapter 1
Configuring Web-Based Authentication
OL-25303-03