1> This command will try first to authenticate using a local database (username john password 0 doe
) if it returns an error (if you dont set any username, I believe) it will try the TACACS server.
2>ip auth-proxy name list_a http
This command creates a named authentication proxy rule, and it allows you to associate that rule with an access control list (ACL), providing control over which hosts use the authentication proxy.
Because an access list is not specified in the rule, all connection-initiating HTTP traffic is subjected to authentication.
ip auth-proxy list_a
The rule is applied to an interface on a router using this command
3>
ACL 116 is blocking traffic from the host 10.31.1.47 to other webservers (it only allows it to talk with the router).
After authenticating , new lines will be added to the front of the ACL and then it will be allowed to talk to the webserver.
HTH,
rate this post if it does,
vlad