How to configure authentication proxy on a router using a local AAA database
What is AAA?
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization, and accounting (AAA) services. The AAA server typically interacts with network access and gateway servers and with databases and directories containing user information. The current standard by which devices or applications communicate with an AAA server is the Remote Authentication Dial-In User Service (RADIUS).
Authentication proxy (auth-proxy) is used to authenticate inbound or outbound users, or both. These users are normally blocked by an access list. However, with auth-proxy the users bring up a browser to go through the firewall and authenticate on a TACACS+ or RADIUS server. The server passes additional access list entries down to the router to allow the users through after authentication.
The authentication proxy supports Telnet, HTTP, and FTP services.
Note: The authentication proxy service for secure shell (SSH) connections is not supported.
This configuration example shows how to configure the authentication proxy service for Telnet/HTTP using a local AAA database on routers:
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization auth-proxy default local
!
aaa attribute list cisco
 attribute type priv-lvl 15 service auth-proxy protocol ip
!
ip auth-proxy name cisco telnet inactivity-time 60
ip auth-proxy name security http inactivity-time 60
!
username cisco privilege 15 password 0 cisco
username cisco aaa attribute list cisco
!
interface FastEthernet0/0
 ip address x.x.x.x 255.255.255.224
 ip auth-proxy security
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address y.y.y.y 255.255.255.0
 ip auth-proxy cisco
 duplex auto
 speed auto
!
ip http server
ip http authentication local
no ip http secure-server
Note: A router can have only one authentication proxy service applied per interface (for example, either Telnet or HTTP). In this example configuration, the authentication proxy Telnet service is applied on interface fa1/0 and the HTTP service is applied on fa0/0.
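A small consistency check for a configuration like the one above, as an added example that is not part of the original document or any Cisco tooling: it maps each interface to the auth-proxy service it receives, enforces the one-rule-per-interface limit from the note, and additionally flags type 0 passwords, which IOS stores in cleartext. The `audit` function and the trimmed `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the configuration shown on this page.
SAMPLE = """\
aaa new-model
aaa authorization auth-proxy default local
ip auth-proxy name cisco telnet inactivity-time 60
ip auth-proxy name security http inactivity-time 60
username cisco privilege 15 password 0 cisco
interface FastEthernet0/0
 ip auth-proxy security
interface FastEthernet1/0
 ip auth-proxy cisco
"""

def audit(config):
    """Return ({interface: service}, [findings]) for IOS configuration text."""
    rules, applied, findings, iface = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            iface = None  # any non-indented line closes the interface block
        if m := re.match(r"ip auth-proxy name (\S+) (\S+)", line):
            rules[m.group(1)] = m.group(2)  # rule name -> telnet/http/ftp
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
            applied[iface] = []
        elif iface and (m := re.match(r"ip auth-proxy (\S+)$", line)):
            applied[iface].append(m.group(1))
        elif m := re.match(r"username (\S+) .*password 0 ", line):
            findings.append(f"user {m.group(1)}: type 0 password is stored in cleartext")
    # Locally authorized auth-proxy needs an auth-proxy authorization method list.
    if not re.search(r"^aaa authorization auth-proxy ", config, re.M):
        findings.append("no 'aaa authorization auth-proxy' method list configured")
    services = {}
    for ifname, names in applied.items():
        if len(names) > 1:
            findings.append(f"{ifname}: {len(names)} auth-proxy rules applied, only one is allowed")
        for name in names:
            if name in rules:
                services.setdefault(ifname, rules[name])
            else:
                findings.append(f"{ifname}: auth-proxy rule '{name}' is not defined")
    return services, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against a saved copy of the running configuration before applying changes; an empty findings list means every applied rule is defined and no interface carries more than one.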