Authentication Proxy Commands
This chapter explains the function and syntax of the authentication proxy commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Cisco IOS Security Command Reference, Release 12.1.
To clear authentication proxy entries from the router, use the clear ip auth-proxy cache command in EXEC mode.
clear ip auth-proxy cache {* | host ip address}
Syntax Description
| * | Clears all authentication proxy entries, including user profiles and dynamic access lists. |
| host ip address | Clears the authentication proxy entry, including user profiles and dynamic access lists, for the specified host. |
To apply an authentication proxy rule at a firewall interface, use the ip auth-proxy command in interface configuration mode. To remove the authentication proxy rules, use the no form of this command.
ip auth-proxy auth-proxy-name
no ip auth-proxy auth-proxy-name
Syntax Description
| auth-proxy-name | Specifies the name of the authentication proxy rule to apply to the interface configuration. The authentication proxy rule is established with the ip auth-proxy name command. |
To set the authentication proxy idle timeout value (the length of time an authentication cache entry, along with its associated dynamic user ACL, is managed after a period of inactivity), use the ip auth-proxy auth-cache-time command in global configuration mode. To set the default value, use the no form of this command.
ip auth-proxy auth-cache-time min
no ip auth-proxy auth-cache-time
Syntax Description
| min | Specifies the length of time in minutes that an authentication cache entry, along with its associated dynamic user ACL, is managed after a period of inactivity. Enter a value in the range 1 to 2147483647. The default value is 60 minutes. |
To display the router name in the authentication proxy login page, use the ip auth-proxy auth-proxy-banner command in global configuration mode. To disable display of the router name, use the no form of this command.
ip auth-proxy auth-proxy-banner
no ip auth-proxy auth-proxy-banner
Syntax Description
This command has no arguments or keywords.
To create an authentication proxy rule, use the ip auth-proxy name command in global configuration mode. To remove the authentication proxy rules, use the no form of this command.
ip auth-proxy name auth-proxy-name http [auth-cache-time min] [list std-access-list]
no ip auth-proxy name auth-proxy-name
Syntax Description
| auth-proxy-name | Associates a name with an authentication proxy rule. Enter a name of up to 16 alphanumeric characters. |
| http | Specifies the protocol that triggers the authentication proxy. The only supported protocol is HTTP. |
| auth-cache-time min | (Optional) Overrides the global authentication proxy cache timer for a specific authentication proxy name, offering more control over timeout values. Enter a value in the range 1 to 2,147,483,647. The default value is equal to the value set with the ip auth-proxy auth-cache-time command. |
| list std-access-list | (Optional) Specifies a standard access list to use with the authentication proxy. With this option, the authentication proxy is applied only to those hosts in the standard access list. If no list is specified, all connections initiating HTTP traffic arriving at the interface are subject to authentication. |
To display the authentication proxy entries or the running authentication proxy configuration, use the show ip auth-proxy command in privileged EXEC mode.
show ip auth-proxy {cache | configuration}
Syntax Description
| cache | Displays the current list of the authentication proxy entries. |
| configuration | Displays the running authentication proxy configuration. |
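An added example, not part of the Cisco reference: a Python check that parses the auth-proxy lines of a saved configuration using the syntax on this page, resolves each rule's effective idle timeout (per-rule value, else the global value, else the 60-minute default), and flags rules that break the documented limits or are applied without being defined. The function name, finding strings and SAMPLE configuration are constructed for illustration, and the parser assumes running-config layout with interface subcommands indented.

```python
import re

MAX_MIN = 2147483647  # upper bound of the auth-cache-time range on this page
GLOBAL_RE = re.compile(r"^ip auth-proxy auth-cache-time (\d+)$")
RULE_RE = re.compile(r"^ip auth-proxy name (\S+) http"
                     r"(?: auth-cache-time (\d+))?(?: list (\S+))?$")
APPLY_RE = re.compile(r"^ip auth-proxy (\S+)$")  # only meaningful under an interface

def audit_auth_proxy(config_text):
    """Return (rules, findings) for the auth-proxy lines of an IOS config."""
    global_min, rules, applied, findings, iface = 60, {}, [], [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw[:1].isspace():  # unindented: global level or a new interface
            iface = line[len("interface "):] if line.startswith("interface ") else None
        if m := GLOBAL_RE.match(line):
            global_min = int(m.group(1))
        elif m := RULE_RE.match(line):
            name, minutes, acl = m.groups()
            if not (name.isalnum() and len(name) <= 16):
                findings.append(f"rule {name}: name is not 1-16 alphanumeric characters")
            if minutes is not None and not 1 <= int(minutes) <= MAX_MIN:
                findings.append(f"rule {name}: auth-cache-time {minutes} out of range")
            rules[name] = {"min": minutes and int(minutes), "list": acl}
        elif iface and (m := APPLY_RE.match(line)):
            applied.append((iface, m.group(1)))
    for rule in rules.values():  # a per-rule timer overrides the global one
        if rule["min"] is None:
            rule["min"] = global_min
    for iface, name in applied:
        if name not in rules:
            findings.append(f"{iface}: applies undefined rule {name}")
    for name in sorted(rules.keys() - {n for _, n in applied}):
        findings.append(f"rule {name}: defined but not applied to an interface")
    return rules, findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
ip auth-proxy auth-cache-time 30
ip auth-proxy auth-proxy-banner
ip auth-proxy name webusers http list 10
ip auth-proxy name contractors_ext http auth-cache-time 0
!
interface Ethernet0
 ip auth-proxy webusers
!
interface Ethernet1
 ip auth-proxy guests
"""
```

Run it over a saved copy of the configuration; a rule whose `list` is `None` applies to every host initiating HTTP traffic on the interface, as described for the list keyword above.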







Posted: Wed Jul 26 16:13:08 PDT 2000
Copyright © 1989-2000 Cisco Systems Inc.