Cisco Systems 3560X Manual De Usuario
12-15
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
OL-21521-01
Chapter 12 Configuring Web-Based Authentication
Configuring Web-Based Authentication
Specifying a Redirection URL for Successful Login
You can specify a URL to which the user is redirected after authentication, effectively replacing the
internal Success HTML page.
internal Success HTML page.
When configuring a redirection URL for successful login, consider these guidelines:
•
If the custom authentication proxy web pages feature is enabled, the redirection URL feature is
disabled and is not available in the CLI. You can perform redirection in the custom-login success
page.
disabled and is not available in the CLI. You can perform redirection in the custom-login success
page.
•
If the redirection URL feature is enabled, a configured auth-proxy-banner is not used.
•
To remove the specification of a redirection URL, use the no form of the command.
This example shows how to configure a redirection URL for successful login:
Switch(config)# ip admission proxy http success redirect www.cisco.com
This example shows how to verify the redirection URL for successful login:
Switch# show ip admission configuration
Authentication Proxy Banner not configured
Customizable Authentication Proxy webpage not configured
HTTP Authentication success redirect to URL: http://www.cisco.com
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Watch-list is disabled
Authentication Proxy Max HTTP process is 7
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
Configuring an AAA Fail Policy
This example shows how to apply an AAA failure policy:
Switch(config)# ip admission name AAA_FAIL_POLICY proxy http event timeout aaa policy
identity GLOBAL_POLICY1
Command
Purpose
ip admission proxy http success redirect
url-string
Specify a URL for redirection of the user in place of the
default login success page.
default login success page.
Command
Purpose
Step 1
ip admission name rule-name proxy
http event timeout aaa policy identity
identity_policy_name
http event timeout aaa policy identity
identity_policy_name
Create an AAA failure rule and associate an identity policy to be apply to
sessions when the AAA server is unreachable.
sessions when the AAA server is unreachable.
Note
To remove the rule, use the no ip admission name rule-name
proxy http event timeout aaa policy
proxy http event timeout aaa policy
identity global
configuration command.
Step 2
ip admission ratelimit aaa-down
number_of_sessions
number_of_sessions
(Optional) Rate-limit the authentication attempts from hosts in the
AAA down state to avoid flooding the AAA server when it returns to
service.
AAA down state to avoid flooding the AAA server when it returns to
service.