Chapter 14. Authentication Proxy

The last chapter discussed how you can use lock-and-key to authenticate users before allowing them access through your perimeter router. As you recall, lock-and-key requires a user to first Telnet into the router to authenticate. The router then terminates the Telnet session and creates a dynamic ACL entry that allows the user’s traffic through the router. Lock-and-key is a nifty feature, but it does have limitations:

• It was developed primarily for dialup use, with only one user accessing the router’s interface.

• The extended ACL applied to the interface can have only one dynamic entry, which all users must share; this makes it almost impossible to enforce per-user restrictions.

• It requires you to Telnet ...
