Clearing the auth-proxy Cache: Displaying Dynamic ACL Entries

Sep 20,2009 by alperen


Displaying Dynamic ACL Entries

When the authentication proxy is in use, dynamic access list entries are added and removed as temporary authentication sessions are added and deleted. When no open sessions exist, there won’t be any dynamic entries. To display any dynamic access list entries, use the show ip access-lists command in privileged EXEC mode. The number of matches displayed in parentheses indicates the number of times the access list entry was used.

Both the idle timeout parameter and the clear ip auth-proxy cache command from the previous section can result in no dynamic entries appearing in the display. The syntax to display any access lists configured on the firewall, including dynamic ACL entries, is

Rtr1# show ip access-lists

The following output shows the ACL entries prior to any authentication proxy sessions.

Rtr1#show ip access-lists
Extended IP access list 160
deny tcp any any eq telnet
deny udp any any
permit tcp any any (41 matches)
permit ip any any

The next output shows the same ACL following user authentication. The first six lines represent the downloaded user profile, which enables the specified features for the authenticated user. The last four lines are the same lines as in the previous example, after more traffic has passed.

Rtr1#show ip access-lists
Extended IP access list 160
permit tcp host 192.168.1.10 any eq 69
permit icmp host 192.168.1.10 host 192.168.4.2
permit tcp host 192.168.1.10 any eq telnet
permit tcp host 192.168.1.10 any eq ftp
permit tcp host 192.168.1.10 any eq ftp-data
permit tcp host 192.168.1.10 any eq smtp
deny tcp any any eq telnet
deny udp any any
permit tcp any any (76 matches)
permit ip any any
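
To check the two displays above programmatically, here is an added Python example (not from the original article) that parses show ip access-lists output, diffs a current display against the pre-authentication baseline to isolate the downloaded per-user entries, and lists the source hosts that currently hold a profile. The sample outputs are constructed, modelled on the displays above; match counts are illustrative.

```python
import re
from typing import List, Set, Tuple

# Constructed samples modelled on the two displays above: the baseline ACL
# before any auth-proxy session, and the same ACL after 192.168.1.10
# authenticated. Match counts are illustrative, not taken from a router.
BEFORE = """Extended IP access list 160
    deny tcp any any eq telnet
    deny udp any any
    permit tcp any any (41 matches)
    permit ip any any"""

AFTER = """Extended IP access list 160
    permit tcp host 192.168.1.10 any eq 69
    permit icmp host 192.168.1.10 host 192.168.4.2
    permit tcp host 192.168.1.10 any eq telnet
    deny tcp any any eq telnet
    deny udp any any
    permit tcp any any (76 matches)
    permit ip any any"""

# action, rule text, optional "(N matches)" counter
ENTRY_RE = re.compile(r"^\s*(permit|deny)\s+(.+?)(?:\s+\((\d+) matches\))?\s*$")
Entry = Tuple[str, str, int]  # (action, rule, matches)

def parse_access_list(text: str) -> List[Entry]:
    """Parse the entry lines of one 'show ip access-lists' display."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), int(m.group(3) or 0)))
    return entries

def dynamic_entries(before: str, after: str) -> List[Entry]:
    """Entries present now but absent from the baseline. Match counters are
    ignored so that a growing counter is not mistaken for a new entry."""
    base = {(a, r) for a, r, _ in parse_access_list(before)}
    return [e for e in parse_access_list(after) if (e[0], e[1]) not in base]

def authenticated_hosts(before: str, after: str) -> Set[str]:
    """Source hosts that currently hold a downloaded auth-proxy profile."""
    hosts = set()
    for _, rule, _ in dynamic_entries(before, after):
        m = re.match(r"\S+ host (\d+\.\d+\.\d+\.\d+)", rule)
        if m:
            hosts.add(m.group(1))
    return hosts
```

Running dynamic_entries against a display captured after clear ip auth-proxy cache (or after the idle timer expires) should return an empty list, which is the quick way to confirm the session entries were actually removed.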

For more information, go to the Cisco web site www.cisoarrticles.com and search for authentication proxy. No CCO account is required.
