Redirection Url For Successful Login Guidelines; Web-Based Authentication Interactions With Other Features; Port Security; Lan Port Ip - Cisco Catalyst 2960-XR Security Configuration Manual
Ios release 15.0 2 ex1
Hide thumbs
Also See for Catalyst 2960-XR:
- Configuration manual (196 pages) ,
- Configuration manuals (120 pages) ,
- Reference (52 pages)
Table of Contents
Advertisement
Configuring Web-Based Authentication
• The login form must accept user entries for the username and password and must show them as uname
• The custom login page should follow best practices for a web form, such as page timeout, hidden
Related Topics
Customizing the Authentication Proxy Web Pages, on page 318
Redirection URL for Successful Login Guidelines
When configuring a redirection URL for successful login, consider these guidelines:
• If the custom authentication proxy web pages feature is enabled, the redirection URL feature is disabled
• If the redirection URL feature is enabled, a configured auth-proxy-banner is not used.
• To remove the specification of a redirection URL, use the no form of the command.
Related Topics
Specifying a Redirection URL for Successful Login, on page 319
Web-based Authentication Interactions with Other Features
Port Security
You can configure web-based authentication and port security on the same port. Web-based authentication
authenticates the port, and port security manages network access for all MAC addresses, including that of the
client. You can then limit the number or group of clients that can access the network through the port.
For more information about enabling port security, see the .
LAN Port IP
You can configure LAN port IP (LPIP) and Layer 2 web-based authentication on the same port. The host is
authenticated by using web-based authentication first, followed by LPIP posture validation. The LPIP host
policy overrides the web-based authentication host policy.
If the web-based authentication idle timer expires, the NAC policy is removed. The host is authenticated, and
posture is validated again.
Gateway IP
You cannot configure Gateway IP (GWIP) on a Layer 3 VLAN interface if web-based authentication is
configured on any of the switch ports in the VLAN.
You can configure web-based authentication on the same Layer 3 interface as Gateway IP. The host policies
for both features are applied in software. The GWIP policy overrides the web-based authentication host policy.
OL-29434-01
and pwd.
password, and prevention of redundant submissions.
and is not available in the CLI. You can perform redirection in the custom-login success page.
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
Web-based Authentication Interactions with Other Features
309
Hide quick links:
Advertisement
Table of Contents
