Cisco Cisco NAC Appliance 4.1.0
Cisco NAC Appliance - Clean Access Manager Installation and Administration Guide
OL-12214-01
Chapter 5 Configuring User Login Page and Guest Access
User Login Page
User Login Page
The login page is generated by Cisco NAC Appliance and shown to end users by role. When users first
try to access the network from a web browser, an HTML login page appears prompting the users for a
user name and password. Cisco NAC Appliance submits these credentials to the selected authentication
provider, and uses them determine the role in which to put the user. You can customize this web login
page to target the page to particular users based on a user’s VLAN ID, subnet, and operating system.
try to access the network from a web browser, an HTML login page appears prompting the users for a
user name and password. Cisco NAC Appliance submits these credentials to the selected authentication
provider, and uses them determine the role in which to put the user. You can customize this web login
page to target the page to particular users based on a user’s VLAN ID, subnet, and operating system.
Caution
A login page must be added and present in the system in order for both web login and Clean Access
Agent users to authenticate. If a default login page is not present, Clean Access Agent users will see an
error dialog when attempting login (“Clean Access Server is not properly configured, please report to
your administrator.”). To quickly add a default login page, see
Agent users to authenticate. If a default login page is not present, Clean Access Agent users will see an
error dialog when attempting login (“Clean Access Server is not properly configured, please report to
your administrator.”). To quickly add a default login page, see
.
Cisco NAC Appliance detects a number of client operating system types, including Windows, MAC,
Linux, Solaris, Unix, Palm, Windows CE, and others. Cisco NAC Appliance determines the OS the client
is running from the OS identification in the HTTP GET request, the most reliable and scalable method.
When a user makes a web request from a detected operating system, such as Windows XP, the CAS can
respond with the page specifically adapted for the target OS.
Linux, Solaris, Unix, Palm, Windows CE, and others. Cisco NAC Appliance determines the OS the client
is running from the OS identification in the HTTP GET request, the most reliable and scalable method.
When a user makes a web request from a detected operating system, such as Windows XP, the CAS can
respond with the page specifically adapted for the target OS.
When customizing the login page, you can use several styles:
•
Frame-based login page (in which the login fields appear in a left-hand frame). This allows logos,
files, or URLs to be referenced in the right frame of the page.
files, or URLs to be referenced in the right frame of the page.
•
Frameless login page (shown in
)
•
Small screen frameless login page. The small page works well with Palm and Windows CE devices.
The dimensions of the page are about 300 by 430 pixels.
The dimensions of the page are about 300 by 430 pixels.
Additionally, you can customize images, text, colors, and most other properties of the page.
This section describes how to add and customize the login page for all Clean Access Servers using the
global forms of the Clean Access Manager. To override the global settings and customize a login page
for a particular Clean Access Server, use the local configuration pages found under Device Management
> CCA Servers > Manage [CAS_IP] > Misc > Login Page. For further details, see the Cisco NAC
Appliance - Clean Access Server Installation and Administration Guide.
global forms of the Clean Access Manager. To override the global settings and customize a login page
for a particular Clean Access Server, use the local configuration pages found under Device Management
> CCA Servers > Manage [CAS_IP] > Misc > Login Page. For further details, see the Cisco NAC
Appliance - Clean Access Server Installation and Administration Guide.
Unauthenticated Role Traffic Policies
If a login page is customized to reference an external URL or server resource, a traffic policy must be
created for the Unauthenticated role to allow users HTTP access to that URL or server. For details on
configuring traffic policies for user roles, see
created for the Unauthenticated role to allow users HTTP access to that URL or server. For details on
configuring traffic policies for user roles, see
Note
If Unauthenticated role policies are not configured to allow access to the elements referenced by the
login page, or if a referenced web page becomes unavailable for some reason, you may see errors such
as the login page continuing to redirect to itself after login credentials are submitted.
login page, or if a referenced web page becomes unavailable for some reason, you may see errors such
as the login page continuing to redirect to itself after login credentials are submitted.