As stated previously, you must apply authentication proxy rules to at least one interface. To apply an authentication proxy rule, you must create a named rule. The syntax to create a named authentication proxy rule is

    Router(config)# ip auth-proxy name auth-proxy-name http

You can also override the global authentication proxy idle time by using this syntax:

    Router(config)# ip auth-proxy name auth-proxy-name http auth-cache-time minutes

Here is an example of creating an authentication proxy rule named TANKLIVES:

    Router(config)# ip auth-proxy name TANKLIVES http

The use of uppercase or lowercase characters is arbitrary. However, we like to use uppercase characters to easily distinguish between commands, keywords, and user-defined names.

You can also use ACLs with authentication proxy. When you use ACLs with authentication proxy, only specific networks or hosts are required to use authentication proxy. As the network administrator, you really don't want to have to authenticate, do you? The syntax to create a named authentication proxy rule with an access list is

    Router(config)# ip auth-proxy name auth-proxy-name http list standard-acl-number

Here is an example of creating an authentication proxy rule named MORPHEUS with a standard IP access list that is numbered 28:

    Router(config)# ip auth-proxy name MORPHEUS http list 28

Figure 7.10 shows how you configure a Cisco router for authentication proxy using an ACL.

Figure 7.10. Configuring Cisco Router for authentication proxy using ACLs.
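To check which sources a rule such as MORPHEUS would actually challenge, the following added example (not from the original text) evaluates a standard ACL the way the router does: first match wins, and anything unmatched falls to the implicit deny. The ACL 28 entries, the addresses, and the function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample configuration; the addresses are assumptions, not from the page.
CONFIG = """\
access-list 28 deny   host 10.1.1.10
access-list 28 permit 10.1.1.0 0.0.0.255
ip auth-proxy name MORPHEUS http list 28
"""

def parse_standard_acl(config, number):
    """Return [(action, base_int, wildcard_int), ...] in configured order."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or len(tok) < 4:
            continue  # not an entry of the ACL we were asked for
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            base, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wild = rest[1], "0.0.0.0"
        else:
            # A bare address with no wildcard mask matches that single host.
            base, wild = rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"
        entries.append((action, int(ipaddress.IPv4Address(base)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def must_authenticate(entries, source):
    """True if the source is permitted by the ACL, i.e. subject to auth proxy."""
    src = int(ipaddress.IPv4Address(source))
    for action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
        if src & care == base & care:
            return action == "permit"  # first matching entry decides
    return False  # implicit deny: the source is not prompted by auth proxy
```

Entry order matters here: if the permit for 10.1.1.0 0.0.0.255 came before the deny for the administrator's host, that host would be challenged like every other user on the subnet.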