Chapter 11
Configuring Web-Based Authentication
Specifying a Redirection URL for Successful Login
You can specify a URL to which the user is redirected after authentication, effectively replacing the
internal Success HTML page.
Command: ip admission proxy http success redirect url-string
Purpose: Specify a URL for redirection of the user in place of the default login success page.

When configuring a redirection URL for successful login, consider these guidelines:
• If the custom authentication proxy web pages feature is enabled, the redirection URL feature is disabled and is not available in the CLI. You can perform redirection in the custom-login success page.
• If the redirection URL feature is enabled, a configured auth-proxy-banner is not used.
• To remove the specification of a redirection URL, use the no form of the command.

This example shows how to configure a redirection URL for successful login:
Switch(config)# ip admission proxy http success redirect www.cisco.com

This example shows how to verify the redirection URL for successful login:
Switch# show ip admission configuration
Authentication Proxy Banner not configured
Customizable Authentication Proxy webpage not configured
HTTP Authentication success redirect to URL: http://www.cisco.com
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Watch-list is disabled
Authentication Proxy Max HTTP process is 7
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5

Configuring an AAA Fail Policy

Step 1
Command: ip admission name rule-name proxy http event timeout aaa policy identity identity_policy_name
Purpose: Create an AAA failure rule and associate an identity policy to be applied to sessions when the AAA server is unreachable.
Note: To remove the rule, use the no ip admission name rule-name proxy http event timeout aaa policy identity global configuration command.

Step 2
Command: ip admission ratelimit aaa-down number_of_sessions
Purpose: (Optional) Rate-limit the authentication attempts from hosts in the AAA down state to avoid flooding the AAA server when it returns to service.

This example shows how to apply an AAA failure policy:
Switch(config)# ip admission name AAA_FAIL_POLICY proxy http event timeout aaa policy identity GLOBAL_POLICY1

OL-9775-08
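An added example, not part of the Cisco guide: a Python script that parses the show ip admission configuration output from the verification example on this page and reports drift from an expected baseline, such as a post-login redirect URL that has been changed. The function names and the baseline values are hypothetical. Only the line forms that appear in that sample output are handled, and the "enabled" form is assumed by symmetry with "disabled".

```python
import re

# Output copied from the verification example on this page.
SAMPLE = """\
Authentication Proxy Banner not configured
Customizable Authentication Proxy webpage not configured
HTTP Authentication success redirect to URL: http://www.cisco.com
Authentication global cache time is 60 minutes
Authentication global absolute time is 0 minutes
Authentication global init state time is 2 minutes
Authentication Proxy Watch-list is disabled
Authentication Proxy Max HTTP process is 7
Authentication Proxy Auditing is disabled
Max Login attempts per user is 5
"""

def parse_admission(text):
    """Parse the line forms seen in the sample; anything else lands in 'unparsed'."""
    cfg = {"unparsed": []}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if m := re.fullmatch(r"HTTP Authentication success redirect to URL: (\S+)", line):
            cfg["redirect_url"] = m.group(1)
        elif m := re.fullmatch(r"(.+) not configured", line):
            cfg[m.group(1)] = None
        elif m := re.fullmatch(r"(.+) is (\d+)(?: minutes)?", line):
            cfg[m.group(1)] = int(m.group(2))
        elif m := re.fullmatch(r"(.+) is (enabled|disabled)", line):  # 'enabled' form assumed
            cfg[m.group(1)] = m.group(2) == "enabled"
        else:
            cfg["unparsed"].append(line)
    return cfg

def drift(cfg, baseline):
    """Return (setting, expected, actual) for each baseline key that differs or is absent."""
    return [(k, want, cfg.get(k, "<absent>")) for k, want in baseline.items()
            if cfg.get(k, "<absent>") != want]

# Hypothetical baseline. The URL is written as the switch displays it: the page's
# example entered www.cisco.com and the show output reports http://www.cisco.com.
BASELINE = {
    "redirect_url": "http://www.cisco.com",
    "Max Login attempts per user": 5,
    "Authentication Proxy Auditing": True,
}

if __name__ == "__main__":
    for key, want, got in drift(parse_admission(SAMPLE), BASELINE):
        print(f"DRIFT {key}: expected {want!r}, found {got!r}")
```

Lines the parser does not recognize are collected under "unparsed" rather than dropped, so an output format that differs from the sample shows up instead of passing silently.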
Catalyst 3750-E and 3560-E Switch Software Configuration Guide