Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : CCSP-Cisco Certified Security Professional : The ip auth-proxy auth-cache-time Command

The ip auth-proxy auth-cache-time Command

Sep 19,2009 by alperen

small font medium font large font
image

The ip auth-proxy auth-cache-time Command

Use the global configuration ip auth-proxy command with the auth-cache-time option to set the authentication proxy global idle timeout value. This cache idle timer monitors the length of time (in minutes) that an authentication cache entry, along with its associated dynamic user access control list entry, is managed after a period of inactivity. When that period of inactivity expires, the authentication entry and the associated dynamic access list entries are deleted.

If CBAC is also configured on the router, the auth-cache-time timeout value must be set higher than the idle timeout for any context-based access control protocols. If not, when the authentication proxy timer expires and removes the user profile and any associated dynamic user ACLs, idle connections could be monitored by CBAC. Deleting these ACL entries can cause the idle connections to hang.

The reverse isn’t a problem when the CBAC idle timeout value is shorter. CBAC always resets the idle connections whenever the CBAC idle timeout expires, which would then be before the authentication proxy removes the user profile. Use the no form of the command to restore the default. The syntax is

Rtr1(config)#ip auth-proxy auth-cache-time min
Rtr1(config)#no ip auth-proxy auth-cache-time

auth-cache-time min

Specifies the minutes of inactivity an authentication cache entry and the associated dynamic user ACL entry will exist before being deleted. Acceptable values: 1 to 2,147,483,647 minutes.

This command was introduced in IOS 12.0(5)T. The default value is 60 minutes.

The following example sets the authorization cache idle timeout to 20 minutes.

Rtr1(config)#ip auth-proxy auth-cache-time 20

409 times read

Related news
» Idle Timer
by alperen posted on Sep 16,2009
» Verify Authentication Proxy Configuration
by alperen posted on Sep 20,2009
» The ip auth-proxy name Command
by alperen posted on Sep 19,2009
» Clearing the auth-proxy Cache Displaying Dynamic ACL Entries
by alperen posted on Sep 20,2009
» Authentication Proxy
by admin posted on Jul 21,2008
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

admin

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.