O'Reilly logo

AAA Identity Management Security by Brandon J. Carroll, - CCIE #23837, Premdeep Banga, - CCIE #21713, Vivek Santuka, - CCIE #17621

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 11. Router

This chapter covers the following subjects:

• Authentication Proxy on IOS Routers

Authentication Proxy Authorization

• Configuring Downloadable ACLs for Authentication Proxy

Authentication Proxy Accounting

Chapter 10, “Cut-Through Proxy AAA on Pix/ASA,” covered the limitations of IP address-based restrictions and the need for per-user based access restriction. Similar to the cut-through proxy authentication method on ASA/PIX, IOS-based routers provide the Authentication Proxy feature to restrict access based on user profiles.

When Authentication Proxy is enabled, traffic flowing through the router is intercepted and the authentication cache is checked to see whether the user is already authenticated. If a valid authentication ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required