12-15-2022 05:13 AM
Hello,
I understand that the following configurations are required on a Cisco switch to facilitate redirection for webauth:
ip http server
ip http secure-server.
Is the ip http secure-server configuration absolutely necessary? I'm asking because we've enabled it, as a result of which we've been bombarded with vulnerabilities owing to HTTPS certificates on the IOS devices. I'm hoping that we can do without enabling HTTPS on the switches so that I can shut it off and resolve the flagged issues.
12-15-2022 05:17 AM
@askalot No, it's not recommended to redirect using HTTPS - so configure "no ip http secure-server" to disable.
12-15-2022 09:28 AM
For this specific scenario, you might review the redirection flow that you want to implement. The "ip http server" command on Catalyst platforms is required for HTTP traffic exclusively and "ip http secure-server" for HTTPS. In any case, if you have problems using HTTPS within IOS, I would attempt/redesign a flow to use only HTTP for now while reviewing the vulnerabilities you mention.
12-16-2022 10:34 AM
Please see our ISE Secure Wired Access Prescriptive Deployment Guide > Web Authentication/URL Redirection and ACLs which has examples and explanations.