Wednesday, 26 January 2011

Auth-Proxy configuration

Configuration to set up Auth-Proxy on a Cisco router.

aaa authentication login default group tacacs+
aaa authentication login free none
aaa authentication login AUTH-PROXY group tacacs+
aaa authorization auth-proxy default group tacacs+

ip access-list extended AUTH-PROXY-ACL
permit tcp any host eq www log
ip auth-proxy name AUTH-PROXY http inactivity-time 5 list AUTH-PROXY-ACL

int ethernet 0/1
ip auth-proxy AUTH-PROXY

The HTTP server needs to be running, so enable the HTTP server service on the device:

ip http server
ip http authentication aaa login-authentication AUTH-PROXY
tacacs-server host
tacacs-server key cisco123

Apply the "free" login method list (authentication none), defined in the first lines of the config, to the console line to avoid locking ourselves out of the box.

line con 0
login authentication free

Now set up the ACS server.

Under Interface Configuration, enter a new service.

Group Setup:

Make sure auth-proxy is checked.

Check custom attribute.
Enter the ACL to apply after the user is authenticated.
Enter the privilege level for implementing the auth-proxy ACL: priv level 15.

That's it, it should work.
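A consistency check for the router side of this setup, as an added example that is not part of the original post: it parses the configuration text and reports auth-proxy cross-references that do not resolve, such as a rule that names an undefined ACL or a login method list that was never declared. The function names and the 192.0.2.x addresses are assumptions made for illustration.

```python
import re

# Constructed sample: the router config from this post. The 192.0.2.x addresses
# are placeholders (assumptions) where the post leaves the host blank.
SAMPLE = """\
aaa authentication login default group tacacs+
aaa authentication login free none
aaa authentication login AUTH-PROXY group tacacs+
aaa authorization auth-proxy default group tacacs+
ip access-list extended AUTH-PROXY-ACL
 permit tcp any host 192.0.2.10 eq www log
ip auth-proxy name AUTH-PROXY http inactivity-time 5 list AUTH-PROXY-ACL
interface ethernet 0/1
 ip auth-proxy AUTH-PROXY
ip http server
ip http authentication aaa login-authentication AUTH-PROXY
tacacs-server host 192.0.2.20
tacacs-server key cisco123
line con 0
 login authentication free
"""

def _grab(pattern, lines):
    """First capture group of every line that matches pattern from its start."""
    return [m.group(1) for m in (re.match(pattern, l) for l in lines) if m]

def audit_auth_proxy(config):
    """Return findings; an empty list means every cross-reference resolves."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    login_lists = set(_grab(r"aaa authentication login (\S+) ", lines))
    acls = set(_grab(r"ip access-list extended (\S+)$", lines))
    rules = set(_grab(r"ip auth-proxy name (\S+) http\b", lines))
    rule_acls = _grab(r"ip auth-proxy name \S+ http\b.*\blist (\S+)", lines)
    applied = set(_grab(r"ip auth-proxy (?!name\b)(\S+)$", lines))
    used_lists = _grab(r"(?:ip http authentication aaa )?login[- ]authentication (\S+)$", lines)
    findings = []
    if not any(l.startswith("aaa authorization auth-proxy ") for l in lines):
        findings.append("no 'aaa authorization auth-proxy' method list")
    if "ip http server" not in lines:
        findings.append("'ip http server' is not enabled")
    if not any(l.startswith("ip http authentication aaa") for l in lines):
        findings.append("HTTP server does not authenticate through AAA")
    findings += [f"ACL {a} is referenced but not defined" for a in rule_acls if a not in acls]
    findings += [f"rule {r} is defined but not applied to an interface" for r in sorted(rules - applied)]
    findings += [f"rule {r} is applied but not defined" for r in sorted(applied - rules)]
    findings += [f"login method list {n} is referenced but not defined" for n in used_lists if n not in login_lists]
    return findings
```

Running `audit_auth_proxy` on a saved copy of the running configuration before applying the rule to an interface catches a misspelled ACL or list name while the console fallback is still the only thing at stake.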
