https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4740820#M578865 <P>Please see our <LI-MESSAGE title="ISE Secure Wired Access Prescriptive Deployment Guide" uid="3641515" url="https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/m-p/3641515#U3641515" discussion_style_icon_css="lia-mention-container-editor-message lia-img-icon-tkb-thread lia-fa-icon lia-fa-tkb lia-fa-thread lia-fa"></LI-MESSAGE> &gt; <STRONG>Web Authentication/URL Redirection and ACLs</STRONG> which has examples and explanations.</P> Fri, 16 Dec 2022 18:34:24 GMT thomas 2022-12-16T18:34:24Z https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4739681#M578842 <P>Hello,</P><P>I understand that following configurations are required on a cisco switch to facilitate redirection for webauth:</P><P>ip http server</P><P>ip http secure-server.</P><P>Is the ip http secure-server configuration absolutely necessary? I'm asking because we've enabled it as a result of which we've been bombarded with vulnerabilities owing to https certificates on the ios devices. I'm hoping that we can do without enabling https on the switches so that I shut it off and resolve the flagged issues.</P> Thu, 15 Dec 2022 13:13:26 GMT https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4739681#M578842 askalot 2022-12-15T13:13:26Z https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4739684#M578843 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1194762">@askalot</a> no it's not recommended to redirect using https - so configure "no ip http secure-server" to disable.</P> Thu, 15 Dec 2022 13:17:12 GMT https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4739684#M578843 Rob Ingram 2022-12-15T13:17:12Z https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4739836#M578847 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1194762">@askalot</a>&nbsp;</P> <P>For this specific scenario, you might review the redirection flow that you want to implement , the&nbsp; "ip http server " command in catalyst platforms is required for http traffic exclusively and the " ip http secure-server" for https , in any case if you have problems using https within ios , I would attempt/redesign&nbsp; a flow to use only http for now while reviewing the vulnerabilities you mention.&nbsp;</P> Thu, 15 Dec 2022 17:28:05 GMT https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4739836#M578847 Rodrigo Diaz 2022-12-15T17:28:05Z https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4740820#M578865 <P>Please see our <LI-MESSAGE title="ISE Secure Wired Access Prescriptive Deployment Guide" uid="3641515" url="https://community.cisco.com/t5/security-knowledge-base/ise-secure-wired-access-prescriptive-deployment-guide/m-p/3641515#U3641515" discussion_style_icon_css="lia-mention-container-editor-message lia-img-icon-tkb-thread lia-fa-icon lia-fa-tkb lia-fa-thread lia-fa"></LI-MESSAGE> &gt; <STRONG>Web Authentication/URL Redirection and ACLs</STRONG> which has examples and explanations.</P> Fri, 16 Dec 2022 18:34:24 GMT https://community.cisco.com/t5/network-access-control/dot1x-webauth-redirect/m-p/4740820#M578865 thomas 2022-12-16T18:34:24Z