Chapter 11. Router

This chapter covers the following subjects:

• Authentication Proxy on IOS Routers

Authentication Proxy Authorization

• Configuring Downloadable ACLs for Authentication Proxy

Authentication Proxy Accounting

Chapter 10, “Cut-Through Proxy AAA on Pix/ASA,” covered the limitations of IP address-based restrictions and the need for per-user based access restriction. Similar to the cut-through proxy authentication method on ASA/PIX, IOS-based routers provide the Authentication Proxy feature to restrict access based on user profiles.

When Authentication Proxy is enabled, traffic flowing through the router is intercepted and the authentication cache is checked to see whether the user is already authenticated. If a valid authentication ...

Get AAA Identity Management Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.