Добавил:
Опубликованный материал нарушает ваши авторские права? Сообщите нам.
Вуз: Предмет: Файл:
Securing Cisco IOS Networks Study Guide - Carl Timm.pdf
Скачиваний:
71
Добавлен:
24.05.2014
Размер:
9.74 Mб
Скачать

188

Chapter 6 Cisco IOS Firewall Authentication and Intrusion Detection

Lab_B(config)#ip http authentication ?

aaa

Use AAA access control methods

enable

Use enable passwords

local

Use local username and passwords

path

Set base path for HTML

tacacs

Use tacacs to authorize user

Lab_B(config)#ip http authentication aaa

Lab_B(config)#^Z

Lab_B#

Sweet! Now that Lab B’s AAA configuration is complete, the foundation is in place for the IOS Firewall Authentication Proxy configuration. If you need a bit of a break, now’s a great time to take one.

Configuring the Authentication Proxy

Okay, back to work! With the AAA configuration in place, the Authentication Proxy configuration is a breeze. The first thing to do is to specify the Authentication Proxy idle timeout value. This is the amount of time in minutes that idle connections will be maintained by the Authentication Proxy. The default value is 60 minutes, which may or may not work for you. Remember that example of the Sales Exec and her daughter? Yikes! Okay, let’s cut that default time in half. Here’s a look at Lab_B router’s output:

Lab_B#conf t

Lab_B(config)#ip auth-proxy auth-cache-time 30

Lab_B(config-if)#^Z

Lab_B#

You can reset this to the default by using the no ip auth-proxy auth-cache-time command in global configuration mode.

Next, you’ll create an Authentication Proxy rule and name it toddlock:

Lab_B#conf t

Lab_B(config)#ip auth-proxy name toddlock ? http HTTP Protocol

<cr>

Lab_B(config)#ip auth-proxy name toddlock http

Lab_B(config)#^Z

Lab_B#

Copyright ©2003 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501.

www.sybex.com