The ip auth-proxy name Command
The ip auth-proxy name command is used to
create a named authentication proxy rule. The command includes several options
that increase the administrator’s ability to control access. The rule is applied
to an interface on a router using the ip auth-proxy command.
To create an authentication proxy rule, use the global
configuration mode command ip auth-proxy name.
Use the no form of this command with a rule name to remove the
specific authentication proxy rules. If no rule name is specified, the no form
of this command removes all the authentication rules on the router and disables
the proxy on all interfaces. The syntax is
Rtr1(config)#ip auth-proxy name auth-proxy-name http [list {acl# | acl-name}] [auth-cache-time min]
Rtr1(config)#no ip auth-proxy [name auth-proxy-name]
This command was introduced in IOS 12.0(5)T. Support for named and
extended access lists was added with the IOS 12.2 release. Until then, only
standard ACLs could be used.
The first example creates the authentication proxy rule net_users. Because no ACL is specified in the command, all
connection sessions using HTTP traffic will trigger the authentication window
and process.
Rtr1(config)#ip auth-proxy name net_users http
The next example creates the authentication proxy rule sales_users. The auth-cache-time 15 option sets the
idle timer for this rule only to 15 minutes. The “list 77”
reference and its related ACL define the hosts (the 192.168.3.0 network) that are
allowed to authenticate. All other traffic is blocked.
Rtr1(config)#ip auth-proxy name sales_users http auth-cache-time 15 list 77
Rtr1(config)#access-list 77 permit 192.168.1.0 0.0.0.255
In this last example, the first command disables only the sales_users rule, while the last line disables the authentication
proxy on all interfaces and removes any rules from the router configuration, as
well as any related ACL entries.
Rtr1(config)#no ip auth-proxy name sales_users
Rtr1(config)#no ip auth-proxy
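The following Python sketch is an added example, not part of the original text or of any Cisco tooling. It audits a saved configuration for the two conditions described above: rules with no list option, and rules whose list points at an ACL that is not defined. The function names, the lab_users rule and list 88 are assumptions made for illustration.

```python
import re

# Constructed sample config (not from a real router). net_users and sales_users
# follow the examples above; lab_users and list 88 are hypothetical additions.
SAMPLE_CONFIG = """\
ip auth-proxy name net_users http
ip auth-proxy name sales_users http auth-cache-time 15 list 77
ip auth-proxy name lab_users http list 88
access-list 77 permit 192.168.1.0 0.0.0.255
"""

RULE_RE = re.compile(r"^ip auth-proxy name (\S+) http(.*)$")
ACL_RE = re.compile(r"^(?:access-list|ip access-list (?:standard|extended)) (\S+)")


def parse_rules(config):
    """Return {rule_name: {"acl": str or None, "cache_min": int or None}}."""
    rules = {}
    for line in config.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        # The two options can appear in either order, so search for each one.
        acl = re.search(r"\blist (\S+)", m.group(2))
        cache = re.search(r"\bauth-cache-time (\d+)", m.group(2))
        rules[m.group(1)] = {
            "acl": acl.group(1) if acl else None,
            "cache_min": int(cache.group(1)) if cache else None,
        }
    return rules


def defined_acls(config):
    """Numbers or names of ACLs defined in the config (numbered or named form)."""
    found = (ACL_RE.match(line.strip()) for line in config.splitlines())
    return {m.group(1) for m in found if m}


def audit(config):
    """Return (rule_name, finding) pairs for rules that deserve a second look."""
    findings, acls = [], defined_acls(config)
    for name, rule in parse_rules(config).items():
        if rule["acl"] is None:
            findings.append((name, "no list: all HTTP sessions trigger authentication"))
        elif rule["acl"] not in acls:
            findings.append((name, f"list {rule['acl']} is not defined in this config"))
    return findings
```

Calling audit(SAMPLE_CONFIG) reports net_users (no list) and lab_users (undefined list 88), while sales_users passes because access-list 77 exists.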