Wednesday 26 January 2011

Auth-Proxy configuration

Configuration to set up Auth-Proxy on a Cisco router.


aaa new-model
aaa authentication login default group tacacs+
aaa authentication login free none
aaa authentication login AUTH-PROXY group tacacs+
aaa authorization auth-proxy default group tacacs+

ip access-list extended AUTH-PROXY-ACL
permit tcp any host 10.10.10.1 eq www log
ip auth-proxy name AUTH-PROXY http inactivity-time 5 list AUTH-PROXY-ACL

int ethernet 0/1
ip auth-proxy AUTH-PROXY




Now the HTTP server needs to be running, so we need to enable the HTTP server service on our device.

ip http server
ip http authentication aaa login-authentication AUTH-PROXY
tacacs-server host 1.1.1.1
tacacs-server key cisco123


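Apply the login method list "free" (aaa authentication login free none, defined in the first lines of the config) to the console to avoid locking ourselves out of the box. The none method means the console does not ask for credentials.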

line con 0
login authentication free



Now set up the ACS server.

Under Interface Configuration, enter a new service: auth-proxy.

In Group Setup:

Make sure auth-proxy is checked.

Check Custom attributes.
Enter the ACL to apply after the user is authenticated.
Enter the privilege level for implementing the auth-proxy ACL: priv level 15.

That's it, it should work.
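
An offline check of the router-side configuration above, as an added example that is not part of the original post: it verifies that every name the auth-proxy commands reference (login method list, ACL, auth-proxy rule) is defined and applied, which catches a mistyped keyword or name before the config goes onto the router. The names check_auth_proxy and SAMPLE_CONFIG and the simplified line matching are assumptions of this example.

```python
# Added example. SAMPLE_CONFIG is constructed from the router commands in this post;
# check_auth_proxy is a name made up here, not a Cisco tool.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authentication login free none
aaa authentication login AUTH-PROXY group tacacs+
aaa authorization auth-proxy default group tacacs+
ip access-list extended AUTH-PROXY-ACL
 permit tcp any host 10.10.10.1 eq www log
ip auth-proxy name AUTH-PROXY http inactivity-time 5 list AUTH-PROXY-ACL
interface ethernet 0/1
 ip auth-proxy AUTH-PROXY
ip http server
ip http authentication aaa login-authentication AUTH-PROXY
line con 0
 login authentication free
"""

def check_auth_proxy(config):
    """Return cross-reference problems in an auth-proxy config (simplified parser)."""
    lines = [raw.strip() for raw in config.splitlines()]
    logins, acls, rules, applied, used = set(), set(), {}, set(), set()
    for line in lines:
        w = line.split()
        if line.startswith("aaa authentication login ") and len(w) > 3:
            logins.add(w[3])                      # defined login method list
        elif line.startswith("ip access-list extended ") and len(w) > 3:
            acls.add(w[3])                        # defined extended ACL
        elif line.startswith("ip auth-proxy name ") and len(w) > 3:
            rules[w[3]] = w[w.index("list") + 1] if "list" in w[:-1] else None
        elif line.startswith("ip auth-proxy ") and len(w) == 3:
            applied.add(w[2])                     # assumed: three-word form is the interface command
        elif line.startswith("ip http authentication aaa login-authentication ") and len(w) > 5:
            used.add(w[5])
        elif line.startswith("login authentication ") and len(w) > 2:
            used.add(w[2])
    problems = []
    if "ip http server" not in lines:
        problems.append("ip http server is not enabled")
    if not any(l.startswith("aaa authorization auth-proxy ") for l in lines):
        problems.append("no aaa authorization auth-proxy method list")
    problems += [f"login method list {n} is used but not defined" for n in sorted(used - logins)]
    for rule, acl in sorted(rules.items()):
        if acl and acl not in acls:
            problems.append(f"rule {rule} references undefined ACL {acl}")
        if rule not in applied:
            problems.append(f"rule {rule} is not applied to any interface")
    problems += [f"interface applies undefined rule {n}" for n in sorted(applied - set(rules))]
    return problems
```

Calling check_auth_proxy on the saved configuration text returns an empty list when all references resolve.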
