ip auth−proxy

ajay chauhan — Sun, 10 Mar 2019 21:47:56 GMT

Can somebody explain me meaning of follwoing commands in the link given below.

1)aaa authentication login default local group RTP none

In this command default is local will it prompt user to TACACS 1st.

2)ip auth−proxy name list_a http and ip auth−proxy list_a

what is the meaning of putting these command .

3) access−list 116 permit tcp host 40.31.1.47 host 40.31.1.150 eq www

why this access-list is required.

4) there is no access-list from host to webserver ??

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a0080094655.shtml

Re: ip auth−proxy

vladrac-ccna — Tue, 17 Oct 2006 11:48:38 GMT

1> This command will try first to authenticate using a local database (username john password 0 doe

) if it returns an error (if you dont set any username, I believe) it will try the TACACS server.

2>ip auth-proxy name list_a http

This command creates a named authentication proxy rule, and it allows you to associate that rule with an access control list (ACL), providing control over which hosts use the authentication proxy.

Because an access list is not specified in the rule, all connection-initiating HTTP traffic is subjected to authentication.

ip auth-proxy list_a

The rule is applied to an interface on a router using this command

ACL 116 is blocking traffic from the host 10.31.1.47 to other webservers (it only allows it to talk with the router).

After authenticating , new lines will be added to the front of the ACL and then it will be allowed to talk to the webserver.

HTH,

rate this post if it does,

vlad

topic Re: ip auth−proxy in Network Access Control

ip auth−proxy

Re: ip auth−proxy