I have an interesting observation while testing auth-proxy on a router. The authenticating router has HTTP server enabled but there's nothing set for authentication yet.
I see that the HTTP server default authentication method is set to "enable": R4#sh ip http server all HTTP server status: Enabled HTTP server port: 80 HTTP server authentication method: enable When I initiate HTTP session to the host behind the router R4 I'm challenged with the authentication window, login as "httpuser" that is stored in TACACS and it is successful. R4#sh ip auth-proxy cache Authentication Proxy Cache Client Name httpuser, Client IP 200.13.24.200, Port 1456, timeout 60, Time Remaining 54, state ESTAB Doing HTTP debugs on the router show me that the router chooses aaa as auth-type. *Jul 29 19:55:47.613: uname httpuser *Jul 29 19:55:47.613: timetag 91998348 *Jul 29 19:55:47.613: HTTP: Authentication proxy_username = 'httpuser' priv-level = 0 auth-type = aaa The question is if we set "aaa authentication login default group tacacs" and "aaa authorization auth-proxy default group tacacs" it overrides the local http authentication method? Eugene
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
